�
Report forwarded to debian-bugs-dist@lists.debian.org, Johnie Ingram <johnie@debian.org>:
Bug#83602; Package apache.
�
�
debian-bugs-dist@lists.debian.org�Johnie Ingram
�
Subject: Bug#83602: suexec+/cgi-bin/=fault
Reply-To: opa@oniltz.tdisie.nsc.ru, 83602@bugs.debian.org
Resent-From: opa@oniltz.tdisie.nsc.ru
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: Johnie Ingram
Resent-Date: Fri, 26 Jan 2001 03:33:18 GMT
Resent-Message-ID:
Resent-Sender: owner@bugs.debian.org
X-Debian-PR-Message: report 83602
X-Debian-PR-Package: apache
X-Debian-PR-Keywords:
X-Loop: owner@bugs.debian.org
Received: via spool by bugs@bugs.debian.org id=B.9804799516189
(code B ref -1); Fri, 26 Jan 2001 03:33:18 GMT
Date: 26 Jan 2001 03:32:01 -0000
Message-ID: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>
From: opa@oniltz.tdisie.nsc.ru
To: submit@bugs.debian.org
Delivered-To: submit@bugs.debian.org
Package: apache
Version: 1.3.14
There are I setup suexec I found my system-wide and trusted scripts from
/usr/lib/cgi-bin/ fails because "command not in docroot
(/usr/lib/cgi-bin/php)" and others too.
because dir treats as trusted with write access only for root I decided to
patch suexec to allow run scripts from this dir w/o so strict checks for
this dir. Patch follows.
IMHO it's sufficiently safe and simple to be uploaded to unstable
I uses potato/i386,kernel 2.2.18,apache_1.3.14-2
83a84,85
> #define safe_dir "/usr/lib/cgi-bin"
>
481a484
> int insafedir = 0; /* OPA run this dir as requsted*/
635,636c638,639
< * a UID less than UID_MIN. Tsk tsk.
< */
---
> * a UID less than UID_MIN. Tsk tsk.
> */
682a686,690
> /*
> * OPA: check if script from safe dir and any user can run it by itself
> */
> if(!strncmp(cwd,safe_dir,strlen(safe_dir)))insafedir=1;
>
701c709
< if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
---
> if (!insafedir&&(strncmp(cwd, dwd, strlen(dwd))) != 0) {
734c742
<
---
>
760c768,769
< if ((uid != dir_info.st_uid) ||
---
> if(!insafedir)
> if ((uid != dir_info.st_uid) ||
�
�
Acknowledgement sent to opa@oniltz.tdisie.nsc.ru:
New Bug report received and forwarded. Copy sent to Johnie Ingram <johnie@debian.org>.
�
�
-t
�
From: owner@bugs.debian.org (Debian Bug Tracking System)
To: opa@oniltz.tdisie.nsc.ru
Subject: Bug#83602: Acknowledgement (suexec+/cgi-bin/=fault)
Message-ID:
In-Reply-To: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>
References: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>
X-Debian-PR-Message: ack 83602
Thank you for the problem report you have sent regarding Debian.
This is an automatically generated reply, to let you know your message has
been received. It is being forwarded to the developers mailing list for
their attention; they will reply in due course.
Your message has been sent to the package maintainer(s):
Johnie Ingram
If you wish to submit further information on your problem, please send
it to 83602@bugs.debian.org (and *not* to
bugs@bugs.debian.org).
Please do not reply to the address at the top of this message,
unless you wish to report a problem with the Bug-tracking system.
Darren Benham
(administrator, Debian Bugs database)
�
�
Received: (at submit) by bugs.debian.org; 26 Jan 2001 03:32:31 +0000
From opa@oniltz.tdisie.nsc.ru Thu Jan 25 21:32:31 2001
Return-path:
Received: from oniltz.tdisie.nsc.ru [::ffff:194.226.167.143]
by master.debian.org with smtp (Exim 3.12 1 (Debian))
id 14LzcW-0001bF-00; Thu, 25 Jan 2001 21:32:29 -0600
Received: (qmail 16628 invoked by uid 1002); 26 Jan 2001 03:32:01 -0000
Date: 26 Jan 2001 03:32:01 -0000
Message-ID: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>
From: opa@oniltz.tdisie.nsc.ru
To: submit@bugs.debian.org
Subject: suexec+/cgi-bin/=fault
Delivered-To: submit@bugs.debian.org
Package: apache
Version: 1.3.14
There are I setup suexec I found my system-wide and trusted scripts from
/usr/lib/cgi-bin/ fails because "command not in docroot
(/usr/lib/cgi-bin/php)" and others too.
because dir treats as trusted with write access only for root I decided to
patch suexec to allow run scripts from this dir w/o so strict checks for
this dir. Patch follows.
IMHO it's sufficiently safe and simple to be uploaded to unstable
I uses potato/i386,kernel 2.2.18,apache_1.3.14-2
83a84,85
> #define safe_dir "/usr/lib/cgi-bin"
>
481a484
> int insafedir = 0; /* OPA run this dir as requsted*/
635,636c638,639
< * a UID less than UID_MIN. Tsk tsk.
< */
---
> * a UID less than UID_MIN. Tsk tsk.
> */
682a686,690
> /*
> * OPA: check if script from safe dir and any user can run it by itself
> */
> if(!strncmp(cwd,safe_dir,strlen(safe_dir)))insafedir=1;
>
701c709
< if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
---
> if (!insafedir&&(strncmp(cwd, dwd, strlen(dwd))) != 0) {
734c742
<
---
>
760c768,769
< if ((uid != dir_info.st_uid) ||
---
> if(!insafedir)
> if ((uid != dir_info.st_uid) ||
�
�
Severity set to `wishlist'.
Request was from Matthew Wilcox <willy@debian.org>
to control@bugs.debian.org.
�
�
Received: (at control) by bugs.debian.org; 21 Oct 2003 12:58:08 +0000
From willy@www.linux.org.uk Tue Oct 21 07:58:06 2003
Return-path:
Received: from parcelfarce.linux.theplanet.co.uk (www.linux.org.uk) [195.92.249.252]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1ABw5O-0002Uh-00; Tue, 21 Oct 2003 07:58:06 -0500
Received: from willy by www.linux.org.uk with local (Exim 4.22)
id 1ABw5N-0005xt-Rf
for control@bugs.debian.org; Tue, 21 Oct 2003 13:58:05 +0100
Date: Tue, 21 Oct 2003 13:58:05 +0100
From: Matthew Wilcox
To: control@bugs.debian.org
Subject: wishlist
Message-ID: <20031021125805.GB18370@parcelfarce.linux.theplanet.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender:
Delivered-To: control@bugs.debian.org
X-Spam-Status: No, hits=0.0 required=4.0
tests=none
version=2.53-bugs.debian.org_2003_10_21
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_10_21 (1.174.2.15-2003-03-30-exp)
severity 83602 wishlist
�
�
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#83602; Package apache.
�
�
debian-bugs-dist@lists.debian.org�Debian Apache Maintainers
�
X-Loop: owner@bugs.debian.org
Subject: Bug#83602: Job Opportunity at Luksus
Reply-To: "bryce otto" , 83602@bugs.debian.org
Resent-From: "bryce otto"
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: Debian Apache Maintainers
Resent-Date: Sun, 07 Sep 2008 07:48:44 +0000
Resent-Message-ID:
Resent-Sender: owner@bugs.debian.org
X-Debian-PR-Message: followup 83602
X-Debian-PR-Package: apache
X-Debian-PR-Keywords:
X-Debian-PR-Source: apache
Received: via spool by 83602-submit@bugs.debian.org id=B83602.12207728378014
(code B ref 83602); Sun, 07 Sep 2008 07:48:44 +0000
Received: (at 83602) by bugs.debian.org; 7 Sep 2008 07:33:57 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02
(2007-08-08) on rietz.debian.org
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=4.0 tests=JOBS,MONEY autolearn=no
version=3.2.3-bugs.debian.org_2005_01_02
Received: from [90.150.241.40]
by rietz.debian.org with esmtp (Exim 4.63)
(envelope-from )
id 1KcEmS-00023M-49
for 83602@bugs.debian.org; Sun, 07 Sep 2008 07:33:57 +0000
Message-ID: <000801c910bc$055a140c$7be27386@jjxhrb>
From: "bryce otto"
To: <83602@bugs.debian.org>
Date: Sun, 07 Sep 2008 05:46:31 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
We have reviewed your resume and would like to introduce you to our
current vacancy.
Luksus, with headquarters in Helsinki, Finland, serves the luxury
lifestyle and offers unparalleled access to the finest luxury
goods. We offer a unique mix of brands, partnerships, and product
expertise. We are currently hiring, work at home positions, to
provide administrative assistance with sales in North America.
Candidates for the job should possess excellent organizational
skills as well as the ability to efficiently multi-task. Ideal
candidates have a strong focus on day-to-day operational
excellence. The candidate should be motivated, proactive, be able
to learn and adapt quickly.
Other duties include, but are not limited to:
* Incorporating effective priorities for the virtual office function
* Administer day-to-day financial responsibilities for clients
* Reporting online daily
* Preparing brief summary reports, and weekly financial reports
Salary part-time (3 hours per day, Monday-Friday): $1,200/month,
plus commission.
If you are interested in this position please send us an email to
Sandra.Collins@luksus-jobs.org expressing your interest and we will
forward you the detailed job description and the working agreement.
Thank You,
Luksus Team
�
�
Acknowledgement sent to "bryce otto" <vangeffenreclame@planet.nl>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
�
�
-t
�
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
Content-Type: text/plain; charset=utf-8
X-Loop: owner@bugs.debian.org
From: owner@bugs.debian.org (Debian Bug Tracking System)
To: "bryce otto"
Subject: Bug#83602: Info received (Job Opportunity at Luksus)
Message-ID:
References: <000801c910bc$055a140c$7be27386@jjxhrb>
X-Debian-PR-Message: ack-info 83602
X-Debian-PR-Package: apache
X-Debian-PR-Source: apache
Reply-To: 83602@bugs.debian.org
Thank you for the additional information you have supplied regarding
this Bug report.
This is an automatically generated reply to let you know your message
has been received.
Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.
Your message has been sent to the package maintainer(s):
Debian Apache Maintainers
If you wish to submit further information on this problem, please
send it to 83602@bugs.debian.org, as before.
Please do not send mail to owner@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.
--=20
83602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D83602
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
�
�
Received: (at 83602) by bugs.debian.org; 7 Sep 2008 07:33:57 +0000
From vangeffenreclame@planet.nl Sun Sep 07 07:33:57 2008
X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02
(2007-08-08) on rietz.debian.org
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=4.0 tests=JOBS,MONEY autolearn=no
version=3.2.3-bugs.debian.org_2005_01_02
Return-path:
Received: from [90.150.241.40]
by rietz.debian.org with esmtp (Exim 4.63)
(envelope-from )
id 1KcEmS-00023M-49
for 83602@bugs.debian.org; Sun, 07 Sep 2008 07:33:57 +0000
Message-ID: <000801c910bc$055a140c$7be27386@jjxhrb>
From: "bryce otto"
To: <83602@bugs.debian.org>
Subject: Job Opportunity at Luksus
Date: Sun, 07 Sep 2008 05:46:31 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
We have reviewed your resume and would like to introduce you to our
current vacancy.
Luksus, with headquarters in Helsinki, Finland, serves the luxury
lifestyle and offers unparalleled access to the finest luxury
goods. We offer a unique mix of brands, partnerships, and product
expertise. We are currently hiring, work at home positions, to
provide administrative assistance with sales in North America.
Candidates for the job should possess excellent organizational
skills as well as the ability to efficiently multi-task. Ideal
candidates have a strong focus on day-to-day operational
excellence. The candidate should be motivated, proactive, be able
to learn and adapt quickly.
Other duties include, but are not limited to:
* Incorporating effective priorities for the virtual office function
* Administer day-to-day financial responsibilities for clients
* Reporting online daily
* Preparing brief summary reports, and weekly financial reports
Salary part-time (3 hours per day, Monday-Friday): $1,200/month,
plus commission.
If you are interested in this position please send us an email to
Sandra.Collins@luksus-jobs.org expressing your interest and we will
forward you the detailed job description and the working agreement.
Thank You,
Luksus Team
�