Bug 24824 - suexec assumes ~ means userdir
Status: RESOLVED WONTFIX
Alias: None
Product: Apache httpd-1.3
Classification: Unclassified
Component: Other
Version: HEAD
Hardware: All Linux
Importance: P3 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2003-11-19 14:02 UTC by Matthew Wilcox
Modified: 2004-12-03 11:59 UTC



Description Matthew Wilcox 2003-11-19 14:02:29 UTC
Forwarding Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=70982

--- begin quote ---

Apache will call suexec in "user" mode (specifying a user to su to), when
any URL starts with ~.  It does not check if UserDir has been disabled before
doing this.

ViewCvs (and cvsweb) use the token "~checkout~" at the front of a URL to
indicate that the file should be downloaded from CVS.  If a server is set up
such as "cvs.example.com", with a rewrite rule pointing at the CGI script,
suexec will be run, and try to switch to user "checkout", which is incorrect.

This bug should probably be forwarded upstream.  I think a test to see if
userdir is disabled, and if so, pass any parameters verbatim, would solve
the problem.

--- end quote ---

Note that this specific problem is no longer relevant; viewcvs now uses
*checkout* instead of ~checkout~, but there may be other situations when
this is inappropriate.
Comment 1 Joshua Slive 2004-12-03 20:59:32 UTC
(Fixed in 2.0)