>Number: 2022 >Category: suexec >Synopsis: exec failure message fails to log, permission denied >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Mar 31 13:10:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3b5 >Environment: Linux 2.0.30 Hybrid Apache 1.2.6, I use suEXEC and rotatelogs from the 1.3 tree >Description: If suEXEC's log file is only writable by root, the error message from execv() fails (permission denied) causing errors to go to Apache's error log. >How-To-Repeat: touch /var/log/cgi.log chmod 0600 /var/log/cgi.log cp /tmp/apache/cgi-bin/printenv ~mine/www/printenv.cgi chmod 0 ~mine/www/printenv.cgi lynx http://localhost/~mine/printenv.cgi >Fix: Preferred: recapture root privilege before logging the error Acceptable: die with a better message in Apache's error log OK, I guess: silently die and let the site maintainer puzzle it out %0 >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
