Your message dated Wed, 16 Sep 2009 20:34:04 +0100
with message-id <[email protected]>
and subject line Package apache has been removed from Debian
has caused the Debian Bug report #385656,
regarding apache: mod_cgi does not play well with Posix ACLs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
385656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385656
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apache
Version: 1.3.34-4+aclfix
Severity: normal
Apache's mod_cgi will not execute cgi scripts that
have an ACL entry allowing www-data to execute them
unless they also have standard Unix permissions
allowing execution. Thus defeating the purpose of using
the ACL in the first place.
I have attached a patch that seems to work for me.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apache depends on:
ii apache-common 1.3.34-4+aclfix support files for all Apache webse
ii debconf [debconf-2.0] 1.4.30.11 Debian configuration management sy
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libdb4.4 4.4.20-3 Berkeley v4.4 Database Libraries [
ii libexpat1 1.95.8-3.2 XML parsing C library - runtime li
ii libmagic1 4.12-1 File type determination library us
ii logrotate 3.7-2 Log rotation utility
ii lsb-base 3.0-16 Linux Standard Base 3.0 init scrip
ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-6.1 Larry Wall's Practical Extraction
apache recommends no packages.
-- debconf information excluded
--
the Edward Blevins <[email protected]> (512) 796-6661
/(0\ mi tavla fo la lojban .i xu do go'i?
\1)/ .i.e'u ko vitke fi zoi .url. http://www.lojban.org .url.
Today is Prickle-Prickle, the 25th day of Bureaucracy in the YOLD 3172
diff -Naurd build-tree/apache_1.3.34/src/modules/standard/mod_cgi.c
apache_1.3.34-cgi-acl-fix/src/modules/standard/mod_cgi.c
--- build-tree/apache_1.3.34/src/modules/standard/mod_cgi.c 2004-11-24
13:10:19.000000000 -0600
+++ apache_1.3.34-cgi-acl-fix/src/modules/standard/mod_cgi.c 2006-09-01
16:02:49.821235919 -0500
@@ -382,9 +382,14 @@
return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
"attempt to invoke directory as script");
if (!ap_suexec_enabled) {
- if (!ap_can_exec(&r->finfo))
- return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
- "file permissions deny server execution");
+ if(access(r->filename, X_OK)) {
+ if (errno == EACCES)
+ return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
+ "file permissions deny server execution");
+ else
+ return log_scripterror(r, conf, SERVER_ERROR, APLOG_NOERRNO,
+ "system error checking execute access");
+ }
}
if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
--- End Message ---
--- Begin Message ---
Version: 1.3.34-4.1+rm
You filled the bug http://bugs.debian.org/385656 in Debian BTS
against the package apache. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/418266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---
