Hi:
Steinar, thanks for your reply.
One more comment:
I admit I do not have the default configuration, so on my custom installation
I don't need to set "NiceValue" to reproduce the issue.
On a fresh installation I reproduced the bug as you said. After your
patch, the bug is fixed.
On 20/03/2011, at 13:37, Steinar H. Gunderson wrote:
tags 618857 + patch
thanks
On Sat, Mar 19, 2011 at 01:05:43AM +0100, Samuel Montosa wrote:
As far as I tested, in versions prior to 'squeeze', apache/itk behavior was as
claimed at http://mpm-itk.sesse.net/
"
AssignUserID: Takes two parameters, uid and gid (or really, user name
and group name); specifies what uid and gid the vhost will run as (after
parsing the request etc., of course).
_________Note that if you do not assign a user ID, the default one from
Apache will be used._____________
"
On 'squeeze', if the user ID is not assigned by AssignUserID at VirtualHost,
the default ID will be __root__. User and Group directives from Apache will
be ignored.
Hi,
I managed to reproduce your bug; it only happens if you do not set
AssignUserID but do set NiceValue. In other words, the default configuration
is unaffected (and most normal ones), but it is still an issue.
I have a patch for this, but as upstream I believe I need to go through the
CVE procedure. Does anyone from the security team (Cc-ed) want to help me
through the process? I guess first of all I need a CVE number assigned that I
can refer to in the upstream changelog.
FWIW, the patch is:
diff -ur orig/httpd-2.2.17/server/mpm/experimental/itk/itk.c
httpd-2.2.17/server/mpm/experimental/itk/itk.c
--- orig/httpd-2.2.17/server/mpm/experimental/itk/itk.c 2011-03-20
13:18:18.000000000 +0100
+++ httpd-2.2.17/server/mpm/experimental/itk/itk.c 2011-03-20
13:15:42.000000000 +0100
@@ -1697,8 +1697,8 @@
/* == merge the parent per-dir config structure into ours == */
static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr,
void *child_ptr)
{
- itk_per_dir_conf *c = (itk_per_dir_conf *)
- apr_pcalloc(p, sizeof(itk_per_dir_conf));
+ itk_per_dir_conf *c = (itk_per_dir_conf *)
+ itk_create_dir_config(p, NULL);
itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
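Review bot: the new initialiser `itk_create_dir_config(p, NULL)` should carry a comment saying why the merged structure must not start from zeroed memory. With the old `apr_pcalloc`, any field the merge leaves untouched stays 0, and a uid of 0 is root, which matches the behaviour reported in this thread. The hunk ends before the merge logic, so these lines do not show which fields are copied from `parent` and `child`; it is worth confirming that every field is either copied or deliberately left at the value `itk_create_dir_config` gives it (assumed here to be an explicit "unset" marker rather than 0), and adding a regression test for a vhost with NiceValue set and no AssignUserID. As a style point, the cast on the returned pointer is unnecessary in C if `itk_create_dir_config` returns `void *`.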
Testing would be appreciated. I'm attaching a debdiff with the patch put into
the patch system, for testing.
/* Steinar */
--
Homepage: http://www.sesse.net/
<mpm-itk-merger-fix.debdiff>
--
Samuel Montosa