>Number:         1731
>Category:       suexec
>Synopsis:       suexec fails for SSI with arguments
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Jan 25 20:10:01 PST 1998
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2.4 & 1.2.5
>Environment:
Linux secundus 2.0.30 #8 Mon Oct 6 15:14:50 CDT 1997 i586 unknown
gcc version 2.7.2.2
>Description:
The docs for mod_include sez:

"cmd -- The server will execute the given string using /bin/sh. The include variables are available to the command."

But if arguments are given it fails with a 'cannot stat program' in the cgi log; without args, it works o.k. (At least this is true in a suexec environment.) The workaround is to package what would be arguments into a script without args and call the arg-less script through the SSI.
>How-To-Repeat:
Working: http://www.themarquis.com/index.shtml
Failing: http://www.themarquis.com/showbug.shtml

These are identical except that the working one execs a script that contains what the failing one calls directly via 'exec cmd=...'.
>Fix:
suexec.c does not parse the cmd at all. It passes the whole command string to lstat. Instead, pass everything up to the first whitespace character to lstat, not the whole string.
>Audit-Trail:
>Unformatted:
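
The failure and the fix proposed in this report, as an added C sketch that is not code from suexec.c or from the submitter: one function hands the whole command string to lstat(), the other hands it only the text up to the first whitespace character. The function names and the sample command are constructed for illustration, and /bin/sh is assumed to exist on the machine running it.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Behaviour described in the report: the whole command string,
 * arguments included, is handed to lstat() as if it were a path.
 * Returns 0 on success, or the errno value set by lstat(). */
int stat_whole_command(const char *cmd)
{
    struct stat st;
    return lstat(cmd, &st) == 0 ? 0 : errno;
}

/* Proposed fix: copy everything up to the first whitespace character
 * into prog and lstat() only that. Returns 0 on success, the errno
 * from lstat(), or EINVAL / ENAMETOOLONG for an unusable program name. */
int stat_program_only(const char *cmd, char *prog, size_t size)
{
    struct stat st;
    size_t len = 0;

    while (cmd[len] != '\0' && !isspace((unsigned char)cmd[len]))
        len++;
    if (len == 0)
        return EINVAL;          /* empty, or starts with whitespace */
    if (len >= size)
        return ENAMETOOLONG;    /* never check a silently truncated path */

    memcpy(prog, cmd, len);
    prog[len] = '\0';
    return lstat(prog, &st) == 0 ? 0 : errno;
}

int main(void)
{
    /* Constructed sample command; /bin/sh is assumed to exist. */
    const char *cmd = "/bin/sh -c true";
    char prog[256];

    printf("whole string : %s\n", strerror(stat_whole_command(cmd)));
    printf("program only : %s\n",
           strerror(stat_program_only(cmd, prog, sizeof prog)));
    return 0;
}
```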
