DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24824>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24824 suexec assumes ~ means userdir Summary: suexec assumes ~ means userdir Product: Apache httpd-1.3 Version: HEAD Platform: All OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Other AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Forwarding Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=70982 --- begin quote --- Apache will call suexec in "user" mode (specifying a user to su to), when any URL starts with ~. It does not check if UserDir has been disabled before doing this. ViewCvs (and cvsweb) use the token "~checkout~" at the front of a URL to indicate that the file should be downloaded from CVS. If a server is setup such as "cvs.example.com", with a rewrite rule pointing at the CGI script, suexec will be run, and try to switch to user "checkout", which is incorrect. This bug should probably be forwarded upstream. I think a test to see if userdir is disabled, and if so, pass any parameters verbatim, would solve the problem. --- end quote --- Note that this specific problem is no longer relevant; viewcvs now uses *checkout* instead of ~checkout~, but there may be other situations when this is inappropriate. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
