Bug 26972 - SuExec is overzealous about group permissions
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: apache (Show other bugs)
Version: 7.1
Platform: i386 Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
David Lawrence
Reported: 2001-02-10 13:20 EST by Scott Schmit
Modified: 2007-04-18 12:31 EDT (History)
Last Closed: 2001-02-10 13:20:48 EST
Description Scott Schmit 2001-02-10 13:20:43 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.0-0.99.11 i686; Nav)


When I viewed my web site on localhost, my Perl scripts would not run. When
I directly fetched the URL for the Perl script, the server returned a 500.
So I checked the logs and the suexec log complained:
[2001-02-10 11:39:04]: error: directory is writable by others: (/home/draco/public_html/bin)
[2001-02-10 11:44:07]: info: (target/actual) uid: (draco/draco) gid: (draco/draco) cmd: comic.pull.pl

I checked the permissions of the directories (snipping the files from the
listing):
[draco@utopia:~/public_html]$ ll
total 32
drwxrwxr-x    2 draco    draco        4096 Feb 10 11:44 bin
drwxrwxr-x    2 draco    draco        4096 Oct 21 18:05 css
drwxrwxrwx    2 draco    draco        4096 Oct 21 18:07 data
drwxrwxr-x    2 draco    draco        4096 Oct 21 18:06 image
drwxrwxr-x    2 draco    draco        4096 Jan 28 21:22 template

As you can see, bin (where Apache was complaining) is not world writable.
I then did this:
[draco@utopia:~/public_html]$ chmod g-wrx *
[draco@utopia:~/public_html]$ ll
total 32
drwx---r-x    2 draco    draco        4096 Feb 10 11:44 bin
drwx---r-x    2 draco    draco        4096 Oct 21 18:05 css
drwx---rwx    2 draco    draco        4096 Oct 21 18:07 data
drwx---r-x    2 draco    draco        4096 Oct 21 18:06 image
drwx---r-x    2 draco    draco        4096 Jan 28 21:22 template

Automagically, Apache stopped having problems with the permissions and ran
the scripts. I see this as a bug since the group "draco" is hardly
"everyone" :-)

Reproducible: Always
Steps to Reproduce:
1. Set up Apache to serve user directories (/~user/) and permit ExecCGI.
2. chmod o=x home and o=rx (or even o=x) public_html
3. change permissions under public_html so that all directories are not
world writable (chmod o-w)
4. change permissions under public_html so that all directories are group
writable (chmod g+w)
5. make some trivial script(s) to run someplace under public_html (say,
~/public_html/bin/)
6. attempt to run your script(s) through Apache

Actual Results:  The Perl scripts do not run because suexec forbids it. It
says these directories are world writable. They aren't.
$ ls -ld /home /home/draco /home/draco/public_html /home/draco/public_html/bin
drwxr-xr-x    9 root     root         4096 Feb  7 16:08 /home
drwx-----x   31 draco    draco        4096 Feb 10 11:57 /home/draco
drwx-----x    7 draco    draco        4096 Oct 21 18:34 /home/draco/public_html
drwxrwxr-x    2 draco    draco        4096 Feb 10 11:44 /home/draco/public_html/bin

Expected Results:  suexec should have permitted execution. Users in groups
need to be able to modify web directories and still execute programs!

$ rpm -q apache
apache-1.3.14-9
Comment 1 Nalin Dahyabhai 2001-02-15 00:23:38 EST
Group-writable directories and files are considered non-secure, and user-groups
are not exceptions to this rule.
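The rule stated in Comment 1, as an added example that is not Red Hat's or Apache's code: a small Python audit that applies suexec's directory-writability test (reject if the group-write or world-write bit is set) first to the `ll` listings quoted in the report and then, via `audit_path`, to a real directory on the host. The function names `mode_from_string`, `check_dir_mode`, `audit_listing` and `audit_path` are my own.

```python
import os
import stat
from typing import Dict, Optional

# Constructed sample: directory lines from the two `ll` listings in the
# bug report, before and after the reporter ran `chmod g-wrx *`.
LISTING_BEFORE = """\
drwxrwxr-x    2 draco    draco        4096 Feb 10 11:44 bin
drwxrwxr-x    2 draco    draco        4096 Oct 21 18:05 css
drwxrwxrwx    2 draco    draco        4096 Oct 21 18:07 data
"""
LISTING_AFTER = """\
drwx---r-x    2 draco    draco        4096 Feb 10 11:44 bin
drwx---rwx    2 draco    draco        4096 Oct 21 18:07 data
"""

def mode_from_string(perm: str) -> int:
    """Turn the nine rwx characters of an ls -l mode ('rwxrwxr-x') into
    numeric permission bits.  'S' and 'T' mean setuid/setgid/sticky
    without the execute bit, so they count as clear; 's'/'t' count as set."""
    bits = 0
    for ch in perm[:9]:
        bits = (bits << 1) | (ch not in "-ST")
    return bits

def check_dir_mode(mode: int) -> Optional[str]:
    """Return None if a directory with these bits passes the writability
    test suexec applies to the script's directory, else the reason it fails.
    suexec logs both cases as "writable by others", as the report shows."""
    if mode & stat.S_IWOTH:
        return "writable by world"
    if mode & stat.S_IWGRP:
        return "writable by group"
    return None

def audit_listing(listing: str) -> Dict[str, Optional[str]]:
    """Apply check_dir_mode to every directory line of an ls -l listing."""
    results: Dict[str, Optional[str]] = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or not fields[0].startswith("d"):
            continue  # skip blank lines, "total" lines and non-directories
        results[fields[-1]] = check_dir_mode(mode_from_string(fields[0][1:]))
    return results

def audit_path(path: str) -> Optional[str]:
    """Same test against a real directory, e.g. each dir under public_html."""
    return check_dir_mode(os.stat(path).st_mode)
```

This reproduces only the writability test that the report trips over; suexec's other checks (ownership, uid/gid limits) are not modelled here.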
