>Number: 2868 >Category: suexec >Synopsis: Apache allows execution of setuid cgi's without suexec >installed. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Aug 18 13:20:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.1 >Environment: RedHat Linux 5.1, Kernel 2.0.35. gcc compiler version 2.7.2.3-11. >Description: I had trouble installing the suExec module, and once it compiled, it did not appear to be loading when the server loaded. I set the suid bit on the cgi, and the cgi ran as the owner. However, I was able to run cgi's as root. Also, I replaced my apache installation with the original, which was NOT configured to run suEXEC, and the cgi's continued to execute as the owner. >How-To-Repeat: chmod 4711 file.cgi; this sets the setuid bit, and apahce will execute the file as the owner. >Fix:
>Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
