suexec not dropping privileges on EUID

We have a unique problem in that suexec is changing the real uid to the user who owns the script, but it is setting the effective uid to root!

We have swapped out all libraries that suexec uses and all libraries and modules that apache uses, as well as the suexec binary and apache binaries as well.

Nothing has any effect.

The system is Red Hat Linux 7.3, kernel 2.4.33.2, with Apache 1.2.3 (patched for security).

Here is what suexec is built with and it is exactly the same as on servers that work correctly.

-D DOC_ROOT="/home/httpd/"
-D GID_MIN=100
-D HTTPD_USER="www"
-D LOG_EXEC="/var/log/httpd/cgi.log"
-D SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D UID_MIN=100
-D USERDIR_SUFFIX="public_html"


Has anyone had any experience with this. Any ideas, suggestions?

Redhat 7.3 I hope your kidding lol.

No, I am not kidding and I have no control over changing that.
However, on other servers, with same OS, it works fine.

You can easily upgrade it to Fedora or CentOS. If you want to solve the problem - try:

Omg then it wont be apache 1.2.3!

Sorry, it is Apache/1.3.35 (Unix)

We still have one colocated server running RHL 7.3. The customer is still happy .

(It's his server; we don't change it.)

Jeff

Exactly! So, now that that is cleared up, that yes the OS is old, does anyone have an idea about what could be making suexec set EUID to 0?

This is a very serious situation for us and any help would be greatly appreciated!

I dont think anyone knows. Try smtalks method or try asking the creators of suexec.