Package: apache2-common
Version: 2.0.53-5
Severity: grave
Justification: user security hole

I'm fairly certain this is specific to the MIPS port. I looked at the source and did some tests and am a bit perplexed. I thought it was a signedness issue, integer overflow I think they call it. In any case here's the rundown.

Apache is running as nobody/nogroup (65534/65534). I was having some luser errors with a CGI script so I dropped a simple command execution script in /usr/lib/cgi-bin/ to see if CGI worked in general, which it does. In any case I ran /usr/bin/id and noticed my gid was wrong as well as my groups. I created a file just to ensure the problem wasn't within id and did an ls on the file. It seems that it's a problem with suexec itself.

My box is slow as can be and I've just about given up trying to build it from source and see for myself, but I imagine that perhaps this is built with a cross-compiler. And that somehow the signedness is incurred in this fashion. I did test getgrnam and it returns correct information.

Here's some output from my lil' script:

$ id
uid=65534(nobody) gid=1(daemon) groups=4294967295
$ touch /tmp/nobody_was_here
$ ls -l /tmp/nobody_was_here
-rw-r--r-- 1 nobody 4294967295 0 Mar 12 05:11 /tmp/nobody_was_here

Anyways this can in theory lead to some strange privilege elevation given the gid of daemon. I chose grave since it seemed fitting although in truth it's probably not a huge issue? There were no errors logged.

Anyways if I can fix strace to work or get this to compile I might be able to send a patch or more useful info. For now it's still running configure...
;)

peace,
core

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: mipsel (mips)
Kernel: Linux 2.4.27-r5k-cobalt
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2-common depends on:
ii  apache2-utils   2.0.53-5       utility programs for webservers
ii  debconf         1.4.30.11      Debian configuration management sy
ii  debianutils     2.8.4          Miscellaneous utilities specific t
ii  libc6           2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  libdb4.2        4.2.52-18      Berkeley v4.2 Database Libraries [
ii  libexpat1       1.95.8-1       XML parsing C library - runtime li
ii  libgcc1         1:3.4.3-6      GCC support library
ii  libmagic1       4.12-1         File type determination library us
ii  mime-support    3.28-1         MIME files 'mime.types' & 'mailcap
ii  net-tools       1.60-10        The NET-3 networking toolkit
ii  openssl         0.9.7e-2       Secure Socket Layer (SSL) binary a
ii  ssl-cert        1.0-11         Simple debconf wrapper for openssl

-- no debconf information
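
A credential check for the symptom reported above, as an added example (not code from the report or from Apache): it compares a process's primary gid and supplementary groups against the one gid it is configured to run as, and flags entries equal to `(gid_t)-1`, which is what 4294967295 is on a 32-bit unsigned `gid_t`. The function names, the flag constants and the 64-entry buffer are assumptions of this example; the sample values are constructed from the `id` output in the report. It detects the condition and does not diagnose its cause.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Anomaly flags returned by audit_creds() (names are hypothetical). */
#define GID_MISMATCH  0x1  /* primary gid is not the configured gid */
#define GROUP_INVALID 0x2  /* a supplementary group equals (gid_t)-1 */
#define GROUP_EXTRA   0x4  /* a supplementary group other than the configured gid */

/* Compare credentials against the single gid the process is meant to run as. */
static int audit_creds(gid_t want, gid_t gid, const gid_t *groups, int n)
{
    int flags = 0;
    if (gid != want)
        flags |= GID_MISMATCH;
    for (int i = 0; i < n; i++) {
        if (groups[i] == (gid_t)-1)
            flags |= GROUP_INVALID;
        else if (groups[i] != want)
            flags |= GROUP_EXTRA;
    }
    return flags;
}

/* Constructed sample: gid=1, groups=4294967295, configured gid 65534. */
static int audit_reported_case(void)
{
    const gid_t groups[] = { (gid_t)4294967295u };
    return audit_creds((gid_t)65534, (gid_t)1, groups, 1);
}

/* Audit the calling process itself, e.g. when run as a CGI test program. */
static int audit_self(gid_t want)
{
    gid_t groups[64];
    int n = getgroups(64, groups);
    if (n < 0)
        return -1;  /* getgroups failed, e.g. more than 64 groups */
    return audit_creds(want, getgid(), groups, n);
}

int main(void)
{
    printf("reported case: flags=%d\n", audit_reported_case());
    printf("this process vs gid 65534: flags=%d\n", audit_self((gid_t)65534));
    return 0;
}
```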