Description of problem:

Trying to run ANY CGI script with httpd-2.4.6-2.fc19.x86_64
fails with 'End of script output before headers' .

After much debugging and head scratching, (the above is the only
message in the error_log) I found this was because
the suexec module is enabled, and /sbin/suexec is installed with
group apache :

# ls -l /sbin/suexec 
-r-x--x---. 1 root apache 15400 Jul 31 07:50 /sbin/suexec

So suexec , even though it will run with an effective UID of root,
runs with an effective GID of apache, so it can never setgid() -
it was emitting this message to /var/log/secure each time I tried
to run a CGI script in my ~/public_html directory (I have mod_userdir
enabled and added the 'Option +ExecCGI' for my ~/public_html dir) :
    failed to setgid (1000: test.cgi)
strace showed suexec was being run by user apache, group apache with the
command :
    suexec ~1000 1000 /home/jason/public_html/test.cgi

But because it was installed with GID apache, root:apache is not
permitted to setgid .

Doing, as root :
     # chown root:root /usr/sbin/suexec; chmod 06555 /usr/sbin/suexec
fixes the problem - suexec is then able to setgid and run the script.

Please allow suexec to do setgid !


The problem does not occur when I build and install the upstream
httpd-2.4.7 from apache.org .

Version-Release number of selected component (if applicable):

httpd-2.4.6-2.fc19.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Try to run ANY cgi script in a ~/public_html directory, 
 - eg with the URL :

   http://localhost/~jason/test.cgi

$ cat test.cgi
#!/bin/sh
echo -en 'Content-type: text/html'"\n\n"
cat <<'EOF'
<html>
<title>Test CGI Script</title>
<body>
It worked!
</body>
</html>
EOF

Actual results:

A server error and misleading messages about 
'End of script output before headers'
in /var/log/httpd/error_log 

Expected results:
The script should have been run by suexec and produced a valid HTTP response.


Additional info: