From c09368cc8887c1dea562def6c77668bc77ac4374 Mon Sep 17 00:00:00 2001
From: Brian Pane <brianp@apache.org>
Date: Sun, 26 May 2002 08:27:10 +0000
Subject: Fix for suexec execution of CGI scripts from mod_include (including
 security patch to ensure that <!--#include file="name.cgi"--> is run as the
 suexec user rather than the httpd user) PR: 7791, 8291 Submitted by: Colm
 MacCarthaigh <colmmacc@redbrick.dcu.ie> Reviewed by:	Brian Pane

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95290 13f79535-47bb-0310-9956-ffa450edef68
---
 os/unix/unixd.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'os/unix')

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index c854a39716..c21868e388 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -350,16 +350,25 @@ static apr_status_t ap_unix_create_privileged_process(
 	    }
     }
     /* allocate space for 4 new args, the input args, and a null terminator */
-    newargs = apr_palloc(p, sizeof(char *) * (i + 5));
+    newargs = apr_palloc(p, sizeof(char *) * (i + 4));
     newprogname = SUEXEC_BIN;
     newargs[0] = SUEXEC_BIN;
     newargs[1] = execuser;
     newargs[2] = execgroup;
     newargs[3] = apr_pstrdup(p, progname);
 
-    i = 0;
+    /*
+    ** using a shell to execute suexec makes no sense thus
+    ** we force everything to be APR_PROGRAM, and never
+    ** APR_SHELLCMD
+    */
+    if(apr_procattr_cmdtype_set(attr, APR_PROGRAM) != APR_SUCCESS) {
+        return APR_EGENERAL;
+    }
+
+    i = 1;
     do {
-        newargs[i + 4] = args[i];
+        newargs[i + 3] = args[i];
     } while (args[i++]);
 
     return apr_proc_create(newproc, newprogname, newargs, env, attr, p);
-- 
cgit v1.2.3