DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31517>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31517 suEXEC setuid check fails on OpenBSD Summary: suEXEC setuid check fails on OpenBSD Product: Apache httpd-2.0 Version: 2.0.51 Platform: PC OS/Version: Other Status: UNCONFIRMED Severity: Major Priority: Other Component: support AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] In httpd-2.0.51 and httpd-2.0.52, suEXEC will not load under OpenBSD if compiled in directly due to a faulty setuid check. $ ./configure --prefix=/usr/local/apache2 --exec-prefix=/usr/local/apache2 --bindir=/usr/local/apache2/bin --sbindir=/usr/local/apache2/sbin --enable-layout=OpenBSD --enable-modules=all --enable-so --enable-ssl --enable-rewrite --enable-autoindex --enable-suexec --with-suexec-bin=/usr/local/apache2/sbin/suexec --with-suexec-caller=www --with-suexec-docroot=/usr/local/apache2/cgi-bin --disable-ipv6 --with-ssl $ /usr/local/apache2/sbin/httpd -V Server version: Apache/2.0.52 Server built: Oct 3 2004 09:25:52 Server's Module Magic Number: 20020903:9 Architecture: 32-bit Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_MMAP -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT="/usr/local/apache2" -D SUEXEC_BIN="/usr/local/apache2/sbin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" $ ls -lF /usr/local/apache2/sbin/suexec -rwsr-x--- 1 root suexec 30529 Oct 3 09:28 /usr/local/apache2/sbin/suexec* $ /usr/local/apache2/sbin/suexec -V -D AP_DOC_ROOT="/usr/local/apache2/cgi-bin" -D AP_GID_MIN=100 -D AP_HTTPD_USER="www" -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html" [httpd runs as user www, group suexec]: $ ps auxwwww | grep httpd www 10433 0.0 0.3 1936 1716 ?? I 9:29AM 0:00.01 /usr/local/apache2/sbin/httpd -k start $ /usr/local/apache2/sbin/apachectl configtest Warning: SuexecUserGroup directive requires SUEXEC wrapper. Warning: SuexecUserGroup directive requires SUEXEC wrapper. Warning: SuexecUserGroup directive requires SUEXEC wrapper. Syntax OK On lines 217 and 221 of httpd-2.0.52/os/unix/unixd.c : /* since APR 0.9.5 */ #ifdef APR_USETID if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { #endif unixd_config.suexec_enabled = 1; #ifdef APR_USETID } #endif } ...changed to the following (to disable the check): /* since APR 0.9.5 */ #if 0 if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { #endif unixd_config.suexec_enabled = 1; #if 0 } #endif } ...it then allows suexec to work fine once you rebuild. This is the case in httpd-2.0.51 and httpd-2.0.52 on OpenBSD. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
