#!/usr/bin/perl
my $id = `id`;
$> = 1000;
print qq{Content-Type: text/plain\n\n$id\$!=$!\n};using "AssignUserID jagerman jagerman" for the VirtualHost, and where 1000 is my user id. The "$> = 1000" line of that script is just doing a seteuid to the current euid, and that call is failing under the new mpm-itk.
Under the previous version (2.4.6-3 for both apache2 and apache2-mpm-itk) and running the script on the command line this seteuid call succeeds, indicating no error:
uid=1000(jagerman) gid=1000(jagerman) groups=1000(jagerman),27(sudo),50(staff)
$!=but under the new libapache2-mpm-itk 2.4.6-01-1 and apache2 2.4.7-1, the seteuid is failing:
uid=1000(jagerman) gid=1000(jagerman) groups=1000(jagerman),27(sudo),50(staff)
$!=Operation not permittedThe same thing happens if I change the script to do a setegid (by changing '$>' to '$)').
In my case, my CGI script that had an ssh call stopped working when I upgraded (apparently ssh fails if it is unable to seteuid).
My guess here is that something in the new apache/mpm-itk combination is removing the ability to seteuid/setegid sometime after the seteuid is done for the VirtualHost, and this is breaking anything later in the request that needs to do a seteuid, even for a trivial seteuid to the already active euid.
-- Jason Rhinelander
smime.p7s
Description: S/MIME Cryptographic Signature
