From owner-freebsd-security Thu Mar 27 23:20:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA24946 for security-outgoing; Thu, 27 Mar 1997 23:20:50 -0800 (PST) Received: from sui.gda.itesm.mx (sui.gda.itesm.mx [132.254.53.124]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA24941; Thu, 27 Mar 1997 23:20:46 -0800 (PST) Received: from rebi (dialup00.i-set.com.mx [200.34.46.130]) by sui.gda.itesm.mx (8.8.5/8.8.5) with ESMTP id BAA01146; Fri, 28 Mar 1997 01:24:09 -0600 (CST) Message-ID: <333B7166.7EAF@sui.gda.itesm.mx> Date: Fri, 28 Mar 1997 01:21:10 -0600 From: "Alejandro Vázquez C." Organization: SUI - ITESM Campus Guadalajara X-Mailer: Mozilla 4.0b2 (Win95; I) MIME-Version: 1.0 To: freebsd-bugs@freebsd.org, freebsd-security@freebsd.org, Alejandro Vazquez , Carlos Mercado Subject: Re: SetUID & Apache in 2.2-RELEASE... X-Priority: 3 (Normal) References: <333B35DA.2BF3@sui.gda.itesm.mx> Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Alejandro Vázquez C. wrote: I used to have some setuids CGIs running with my 2.1.5 fbsdbox, and them executed pretty well with Apache 1.1.1 & Perl 5.002. Now, I upgraded to 2.2-RELEASE, Apache 1.2b7 & Perl 5.003, and none of the setuids cgis run (being executed by anybody but root). When I remove from them the setuid flag, they can be executed (but I need to execute them as setuids). Any Ideas? Thanx in advance... New data about this: Other FBSD 2.2 boxes with Perl5.003 can do the job (execute a setuid cgi under Apache 1.2b7). I think it's a compatibility problem in the script itself (Larry, are you there? If so, why can't I use my old 5.002 setuid-scripts with 5.003).