>Number: 1894
>Category: suexec
>Synopsis: SUEXEC_BIN is set to /usr/local/apache... regardless of HTTPD_ROOT
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Sun Mar 1 18:00:00 PST 1998
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization: apache
>Release: 1.3b5
>Environment: doesn't matter
>Description:
SUEXEC_BIN is set to a file in /usr/local/apache regardless of the configured setting of HTTPD_ROOT. If someone has ExecCGI turned on under UserDirs, upgrades with HTTPD_ROOT = something else, and runs it, the CGI scripts will be run as the server.
Naturally, you should check things like this before you upgrade, but some folks won't.
>How-To-Repeat:
>Fix:
--- httpd.h 1998/02/28 20:26:44 1.1.1.1 +++ httpd.h 1998/03/02 01:52:25 @@ -233,7 +233,7 @@ /* The path to the suExec wrapper, can be overridden in Configuration */ #ifndef SUEXEC_BIN -#define SUEXEC_BIN "/usr/local/apache/sbin/suexec" +#define SUEXEC_BIN HTTPD_ROOT "/sbin/suexec" #endif /* The default string lengths */ %0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
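
Review bot: On the `+#define SUEXEC_BIN HTTPD_ROOT "/sbin/suexec"` line, the default now relies on adjacent string-literal concatenation, so HTTPD_ROOT has to be defined as a plain string literal before this point in httpd.h. The hunk does not show that definition, so please confirm the ordering holds at line 233. The path is still fixed at compile time and follows only the compiled-in HTTPD_ROOT, so the comment above the `#ifndef SUEXEC_BIN` should say that the default is derived from HTTPD_ROOT and that an explicit SUEXEC_BIN in Configuration still takes precedence.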
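
The pre-upgrade check the description alludes to, as an added example that is not part of the original report or of Apache: it confirms a wrapper exists at `sbin/suexec` under a given HTTPD_ROOT before the new binary is started. The function name `check_suexec`, the status strings, and the assumption that the server only uses a wrapper that is setuid and owned by root are this example's own.

```shell
#!/bin/sh
# Added example (not from the PR): verify the suEXEC wrapper is where a
# server built with a given HTTPD_ROOT will look for it.

# check_suexec ROOT [OWNER_UID]
#   ROOT       the HTTPD_ROOT the new httpd was compiled with
#   OWNER_UID  uid that must own the wrapper (default 0, i.e. root)
# Prints one status line. Return codes:
#   0 usable, 1 missing, 2 not setuid, 3 wrong owner
check_suexec() {
    root=$1
    want_uid=${2:-0}
    bin="$root/sbin/suexec"

    if [ ! -f "$bin" ]; then
        # The case from the report: no wrapper at the compiled-in path,
        # so CGI scripts would run as the server user.
        echo "MISSING   $bin"
        return 1
    fi
    if [ ! -u "$bin" ]; then
        echo "NO-SETUID $bin"
        return 2
    fi
    # Third column of 'ls -ln' is the numeric owner; -L follows symlinks.
    uid=$(ls -lnL "$bin" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD-OWNER $bin (uid $uid, expected $want_uid)"
        return 3
    fi
    echo "OK        $bin"
    return 0
}

# Stand-alone use: sh check_suexec.sh /path/to/httpd_root
if [ "$#" -ge 1 ]; then
    check_suexec "$@"
fi
```

Run it once against the old root and once against the new one; a `MISSING` result for the new root is the situation the report describes.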
