#4129 xmlrpc.cgi does wrong user check in command line block

1.550
closed-fixed
Jamie Cameron
5
2012-08-14
2012-08-14
Danny Sauer
No

The xmlrpc.cgi script has two errors.
One is that it uses $< rather than $> to determine the user. It doesn't make much difference who the real user is; if the effective UID is root (say, in the case of a suid root script), it should probably go ahead and run.
The other related (and minor) issue is that the error message references xmlrpc.pl, when the script has actually been renamed to xmlrpc.cgi. But as long as you're on that line... :)

For the record, I found this trying to diagnose why I can't seem to make RPC calls against a custom module which uses DBI in my "running Webmin under Apache" environment, so it's unlikely to impact the typical user. But it seems worth reporting nonetheless.
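
The two checks the report contrasts, evaluated over constructed real/effective UID pairs. This is an added example, not the code from Webmin's xmlrpc.cgi; the function names and the sample UIDs (1000, 33) are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not the code from Webmin's xmlrpc.cgi.
use strict;
use warnings;

# Check keyed on the real UID, the value Perl exposes as $<.
sub allowed_by_real_uid {
    my ($real_uid, $effective_uid) = @_;
    return $real_uid == 0 ? 1 : 0;
}

# Check keyed on the effective UID, the value Perl exposes as $>.
sub allowed_by_effective_uid {
    my ($real_uid, $effective_uid) = @_;
    return $effective_uid == 0 ? 1 : 0;
}

# Constructed (real UID, effective UID) pairs; UIDs 1000 and 33 are arbitrary.
my @cases = (
    [ 'root shell',                                0,    0    ],
    [ 'setuid-root wrapper started by uid 1000',   1000, 0    ],
    [ 'root process with euid switched to uid 33', 0,    33   ],
    [ 'ordinary user',                             1000, 1000 ],
);

printf "%-44s %5s %5s  %-9s %-9s\n",
    'scenario', 'ruid', 'euid', 'check $<', 'check $>';
for my $case (@cases) {
    my ($label, $ruid, $euid) = @$case;
    printf "%-44s %5d %5d  %-9s %-9s\n", $label, $ruid, $euid,
        (allowed_by_real_uid($ruid, $euid)      ? 'run' : 'refuse'),
        (allowed_by_effective_uid($ruid, $euid) ? 'run' : 'refuse');
}

# The values for the process running this script.
printf "\nthis process: real uid (\$<) = %d, effective uid (\$>) = %d\n", $<, $>;
```

The two checks agree for a plain root shell and for an ordinary user and disagree in the two middle rows, which are the cases where the real and effective UIDs differ.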

Discussion

  • Jamie Cameron
    2012-08-14

    Thanks - I'll fix this in the next Webmin release.

     
  • Jamie Cameron
    2012-08-14

    • status: open --> closed-fixed