www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Adams <cmad...@hiwaay.net>
Subject suexec/5567: suexec and SSI "exec cmd" don't cooperate when cmd include args
Date Tue, 11 Jan 2000 17:44:27 GMT

>Number:         5567
>Category:       suexec
>Synopsis:       suexec and SSI "exec cmd" don't cooperate when cmd include args
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jan 11 09:50:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     cmadams@hiwaay.net
>Release:        1.3.9
>Organization:
apache
>Environment:
OSF1 fly.HiWAAY.net V4.0 1229 alpha
Digital UNIX V4.0F  (Rev. 1229); Fri Dec 31 17:08:02 CST 1999
>Description:
An include like <!--#exec cmd="test.pl a b c"> does not work in a
user's public_html directory when using suexec.  The problem is
that suexec gets the cmd part as a single string, not broken on
spaces.
>How-To-Repeat:
Put the above tag in a server-parsed file.  suexec will attempt
to run a program named "test.pl a b c", which fails (and is
logged).
>Fix:
I patched suexec to split the command on spaces.  Since it is
very unusual to have actual commands that include spaces, this
should be okay.  My patch is available at (so it isn't munged
up by the web):
http://hiwaay.net/~cmadams/files/misc/suexec-cmdargs.patch
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message