1. symlinked homedirs will kill ~userdirs.
Fixed by the addition of Jim Jagielski's code that he graciously beat over Jason and mine's head but did not get through for me. We now dowa chdir() to the DOCROOT be that the built one for users, or the compiled in DOCROOT. I've resisted the idea of a chdir() here, but I see no other way to make this work in a situation where the user's homedir taken from the passwd file does not agree with the filesystems true mapping. Looking at using realpath() or some other similar solution appears to just do a chdir() which was the whole point of avoiding this in the past. Since opening and reading a directory as root seems to be a read-only operation, I see no security whole here. Comments welcome. 2. initgroups() on Linux 2.0.x clobbers gr->grid. initgroups() call removed from wrapper code until we can establish portable fix here. 3. CGI command lines paramters problems Code in call_exec() was not properly passing arguments in argv[] if you want to pass arguments via '+' separated URL. Taking the hint from Jake Buchholz I have changed create_argv() to accept a variable number of parameters. This is the only change to the server code and is included first in the patch below. 4. pw-pwdir for "docroot check" still the httpd user's pw record. Major order problem in wrapper code. 5. strchr() returns a char*, not a char git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@77315 13f79535-47bb-0310-9956-ffa450edef68
Please register or sign in to comment