Date: Sat, 20 Jan 2007 23:00:24 GMT From: Bolinard Vincent<VInzstyle@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/108169: Wrong AP_SAFE_PATH for suEXEC with apache20 package Message-ID: <200701202300.l0KN0OVb027606@www.freebsd.org> Resent-Message-ID: <200701202310.l0KNAHPm032217@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108169 >Category: misc >Synopsis: Wrong AP_SAFE_PATH for suEXEC with apache20 package >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 20 23:10:16 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Bolinard Vincent >Release: 6.2-RELEASE >Organization: >Environment: FreeBSD server.vinzland.net 6.2-RELEASE FreeBSD 6.2-RELEASE #2: Fri Jan 19 23:33:32 CET 2007 temp1@server.vinzland.net:/usr/obj/usr/src/sys/SERVER i386 >Description: I installed apache20 package with : # pkg_add -r apache20 Everything is working fine but suEXEC. If the module is loaded without any additional options, it works. But, if I try to set the SuexecUserGroup option in a vhost, this is what I get when I run apachectl -t : Warning: SuexecUserGroup directive requires SUEXEC wrapper. Syntax OK So, I checked suEXEC with : # /usr/local/sbin/suexec -V -D AP_DOC_ROOT="/usr/local/www/data" -D AP_GID_MIN=1000 -D AP_HTTPD_USER="www" -D AP_LOG_EXEC="/var/log/httpd-suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=1000 -D AP_USERDIR_SUFFIX="public_html" The AP_SAFE_PATH is wrong. >How-To-Repeat: >Fix: The AP_SAFE_PATH should be set (at least) like this : "/usr/local/bin:/usr/local/sbin:/usr/bin:/bin" to include the /usr/local/sbin directory which contains the suEXEC binary. On my personal machine I copied suEXEC (with -p argument) to /usr/local/bin and ran apachectl -t : Syntax OK No warning about suEXEC. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701202300.l0KN0OVb027606>