https://bz.apache.org/bugzilla/show_bug.cgi?id=60426

            Bug ID: 60426
           Summary: suexec doesn't use AP_SAFE_PATH
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: All
                OS: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: support
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

I compiled suexec with
# support/suexec -V
 -D AP_DOC_ROOT="/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/var/apache2/2.4/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/wwwbin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX=".public_html"
#
But suexec doesn't use AP_SAFE_PATH; scripts from /usr/bin can be executed by every
user. A look at suexec.c shows that AP_SAFE_PATH is without effect.

In apache2.2 it works.
