Bug 183613

Summary: suexec module follows symlinks then realpath's them then complains because they aren't where the symlink is
Product: [Fedora] Fedora Reporter: JW <ohtmvyyn>
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: sundaram
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-29 14:03:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description JW 2006-03-02 10:34:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows; U; AIIEEEE!; Win98; Windows 98; en-US; Gecko masquerading as IE; should it matter?; rv:1.8b) Gecko/20050217

Description of problem:
If you configure httpd to use suexec module, and you configure a directory with "Options FollowSymLinks", then suexec follows the symlink ok but then it does a realpath() (or whatever) and then complains that the symlink target doesn't live in the "docroot".


Version-Release number of selected component (if applicable):
httpd-2.0.54-10.2

How reproducible:
Always

Steps to Reproduce:
1.create a symlink in user ~/public_html/cgi-bin dir to file in any location
2.configure httpd.conf to have above directory have "Options FollowSymLinks" and "ExecCGI"
3.Open broser and execute the cgi

  

Actual Results:  In /var/log/suexec.log:
command not in docroot (/home/USER/REALPATH/file)


Expected Results:  Should have worked properly


Additional info:

This behaviouuur is quite unlike the behaviouuur in non-suexec locations like /var/www/cgi-bin where followed symlinks can be anywhere outside of so-called docroot.  Since a user is totally constrained as to where they can create a file with a symlink to it, it is pointless for a program like suexec to say otherwise.

Comment 1 Christian Iseli 2007-01-20 00:51:11 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 2 JW 2007-01-20 01:03:52 UTC
Reassigned because Christian Iseli should either contribute positively to this
bug report else leave it alone.


Comment 3 Joe Orton 2007-03-29 14:03:02 UTC
This behaviour is the intent of the suexec security model; it ensures that
directory really does lie within the userdir docroot (~/public_html).  You can
always hard-link files into the public_html if you want.