Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 70369 invoked from network); 23 Feb 2005 21:29:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 23 Feb 2005 21:29:30 -0000 Received: (qmail 29810 invoked by uid 500); 23 Feb 2005 21:29:29 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 29778 invoked by uid 500); 23 Feb 2005 21:29:29 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 29762 invoked by uid 99); 23 Feb 2005 21:29:29 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from ajax-1.apache.org (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 23 Feb 2005 13:29:29 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (8.12.11/8.12.11) with ESMTP id j1NLTQWk026110 for ; Wed, 23 Feb 2005 22:29:26 +0100 Received: (from nobody@localhost) by ajax.apache.org (8.12.11/8.12.11/Submit) id j1NLTQRb026107; Wed, 23 Feb 2005 22:29:26 +0100 Date: Wed, 23 Feb 2005 22:29:26 +0100 Message-Id: <200502232129.j1NLTQRb026107@ajax.apache.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 33716] - suexec behavior/code doesn't match documented security model X-Bugzilla-Reason: AssignedTo X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=33716 ------- Additional Comments From dax@gurulabs.com 2005-02-23 22:29 ------- (In reply to comment #3) > (In reply to comment #2) > > Your POV. Actually a lot of people use suexec in order to be able to write their > > content and not to disturb any other user on the system. > > With my patch people can still OPTIONALLY write to their content. Currently the > behavior is such that it is MANDATED that their content can be written to. > A complete description of the change is: Users who depend on the current behavior in regards to having cgis modifying their content will not be effected by the patch. Things will still function as expected. No change. Users who don't want their content writable by cgis can adjust directory and file ownerships to prevent this from happening. This is what the patch offers and is was not possible before. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org