httpd-cvs mailing list archives

From erikab...@apache.org
Subject cvs commit: httpd-2.0/docs/manual suexec.html.en suexec.xml
Date Fri, 25 Jul 2003 18:32:48 GMT
erikabele    2003/07/25 11:32:48

  Modified:    docs/manual Tag: APACHE_2_0_BRANCH suexec.html.en suexec.xml
  Log:
  Enhance some bits of the suEXEC docco to be a bit more precise
  in regard to suEXEC's docroot handling and its preconditions;
  see PR#21873 and #21874.
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.37.2.7  +21 -18    httpd-2.0/docs/manual/suexec.html.en
  
  Index: suexec.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/suexec.html.en,v
  retrieving revision 1.37.2.6
  retrieving revision 1.37.2.7
  diff -u -r1.37.2.6 -r1.37.2.7
  --- suexec.html.en	30 Jun 2003 22:17:41 -0000	1.37.2.6
  +++ suexec.html.en	25 Jul 2003 18:32:47 -0000	1.37.2.7
  @@ -159,13 +159,15 @@
         </li>
   
         <li>
  -        <strong>Does the target program have an unsafe hierarchical
  -        reference?</strong> 
  +        <strong>Does the target CGI or SSI program have an unsafe
  +        hierarchical reference?</strong> 
   
           <p class="indent">
  -          Does the target program contain a leading '/' or have a
  -          '..' backreference? These are not allowed; the target
  -          program must reside within the Apache webspace.
  +          Does the target CGI or SSI program's path contain a leading
  +          '/' or have a '..' backreference? These are not allowed; the
  +          target CGI/SSI program must reside within suEXEC's document
  +          root (see <code>--with-suexec-docroot=<em>DIR</em></code>
  +          below).
           </p>
         </li>
   
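Review bot: the new sentence "the target CGI/SSI program must reside within suEXEC's document root" leaves out UserDir requests, which the later item in this same file (the hunk at -256) says are tested against the directory configured as suEXEC's userdir. Suggest "must reside within suEXEC's document root or, for UserDir requests, suEXEC's userdir". The bare "below" after --with-suexec-docroot=DIR would also be easier to follow as the #install anchor link that the later item uses.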
  @@ -242,8 +244,8 @@
         </li>
   
         <li>
  -        <strong>Does the directory in which the program resides
  -        exist?</strong> 
  +        <strong>Does the directory in which the target CGI/SSI program
  +        resides exist?</strong> 
   
           <p class="indent">
             If it doesn't exist, it can't very well contain files.
  @@ -256,9 +258,10 @@
   
           <p class="indent">
             If the request is for a regular portion of the server, is
  -          the requested directory within the server's document
  -          root? If the request is for a UserDir, is the requested
  -          directory within the user's document root?
  +          the requested directory within suEXEC's document root? If
  +          the request is for a UserDir, is the requested directory
  +          within the directory configured as suEXEC's userdir (see
  +          <a href="#install">suEXEC's configuration options</a>)?
           </p>
         </li>
   
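Review bot: "suEXEC's document root" and "the directory configured as suEXEC's userdir" replace "the server's document root" and "the user's document root" without saying that these are suEXEC's own configured values rather than the server's settings, which is the distinction a reader needs at this step. Suggest stating that in one clause and naming the options next to the link, as the earlier item does with --with-suexec-docroot=DIR (the userdir counterpart is --with-suexec-userdir=DIR).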
  @@ -274,7 +277,7 @@
         </li>
   
         <li>
  -        <strong>Does the target program exist?</strong> 
  +        <strong>Does the target CGI/SSI program exist?</strong> 
   
           <p class="indent">
             If it doesn't exists, it can't very well be executed.
  @@ -282,17 +285,17 @@
         </li>
   
         <li>
  -        <strong>Is the target program <em>NOT</em> writable by
  -        anyone else?</strong> 
  +        <strong>Is the target CGI/SSI program <em>NOT</em> writable
  +        by anyone else?</strong> 
   
           <p class="indent">
             We don't want to give anyone other than the owner the
  -          ability to change the program.
  +          ability to change the CGI/SSI program.
           </p>
         </li>
   
         <li>
  -        <strong>Is the target program <em>NOT</em> setuid or
  +        <strong>Is the target CGI/SSI program <em>NOT</em> setuid or
           setgid?</strong> 
   
           <p class="indent">
  @@ -324,11 +327,11 @@
         </li>
   
         <li>
  -        <strong>Can we successfully become the target program and
  -        execute?</strong> 
  +        <strong>Can we successfully become the target CGI/SSI program
  +        and execute?</strong> 
   
           <p class="indent">
  -          Here is where suEXEC ends and the target program begins.
  +          Here is where suEXEC ends and the target CGI/SSI program begins.
           </p>
         </li>
       </ol>
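Review bot: the heading still asks whether suEXEC can "become the target CGI/SSI program", which does not describe a check; the paragraph under it says this is the point where suEXEC ends and the program begins. Since the heading is being rewritten anyway, suggest "Can we successfully execute the target CGI/SSI program?". The replacement paragraph line also runs past the wrap width used by the rest of the list and should be rewrapped.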
  
  
  
  1.3.2.5   +21 -18    httpd-2.0/docs/manual/suexec.xml
  
  Index: suexec.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/suexec.xml,v
  retrieving revision 1.3.2.4
  retrieving revision 1.3.2.5
  diff -u -r1.3.2.4 -r1.3.2.5
  --- suexec.xml	22 Jun 2003 16:50:48 -0000	1.3.2.4
  +++ suexec.xml	25 Jul 2003 18:32:47 -0000	1.3.2.5
  @@ -131,13 +131,15 @@
         </li>
   
         <li>
  -        <strong>Does the target program have an unsafe hierarchical
  -        reference?</strong> 
  +        <strong>Does the target CGI or SSI program have an unsafe
  +        hierarchical reference?</strong> 
   
           <p class="indent">
  -          Does the target program contain a leading '/' or have a
  -          '..' backreference? These are not allowed; the target
  -          program must reside within the Apache webspace.
  +          Does the target CGI or SSI program's path contain a leading
  +          '/' or have a '..' backreference? These are not allowed; the
  +          target CGI/SSI program must reside within suEXEC's document
  +          root (see <code>--with-suexec-docroot=<em>DIR</em></code>
  +          below).
           </p>
         </li>
   
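Review bot: the heading and the first body sentence say "CGI or SSI program", while the end of the same paragraph and every other item touched in this file say "CGI/SSI program". Pick one form for the whole list so a reader does not wonder whether the two mean different things.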
  @@ -214,8 +216,8 @@
         </li>
   
         <li>
  -        <strong>Does the directory in which the program resides
  -        exist?</strong> 
  +        <strong>Does the directory in which the target CGI/SSI program
  +        resides exist?</strong> 
   
           <p class="indent">
             If it doesn't exist, it can't very well contain files.
  @@ -228,9 +230,10 @@
   
           <p class="indent">
             If the request is for a regular portion of the server, is
  -          the requested directory within the server's document
  -          root? If the request is for a UserDir, is the requested
  -          directory within the user's document root?
  +          the requested directory within suEXEC's document root? If
  +          the request is for a UserDir, is the requested directory
  +          within the directory configured as suEXEC's userdir (see
  +          <a href="#install">suEXEC's configuration options</a>)?
           </p>
         </li>
   
  @@ -246,7 +249,7 @@
         </li>
   
         <li>
  -        <strong>Does the target program exist?</strong> 
  +        <strong>Does the target CGI/SSI program exist?</strong> 
   
           <p class="indent">
             If it doesn't exists, it can't very well be executed.
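Review bot: the context line under the changed heading still reads "If it doesn't exists"; since this item is being edited anyway, correct it to "doesn't exist" here and in the matching line of suexec.html.en.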
  @@ -254,17 +257,17 @@
         </li>
   
         <li>
  -        <strong>Is the target program <em>NOT</em> writable by
  -        anyone else?</strong> 
  +        <strong>Is the target CGI/SSI program <em>NOT</em> writable
  +        by anyone else?</strong> 
   
           <p class="indent">
             We don't want to give anyone other than the owner the
  -          ability to change the program.
  +          ability to change the CGI/SSI program.
           </p>
         </li>
   
         <li>
  -        <strong>Is the target program <em>NOT</em> setuid or
  +        <strong>Is the target CGI/SSI program <em>NOT</em> setuid or
           setgid?</strong> 
   
           <p class="indent">
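Review bot: "writable by anyone else" in the first changed heading does not say relative to whom; the paragraph under it means anyone other than the owner. Suggest "NOT writable by anyone other than its owner" so the heading stands on its own when the list is skimmed as a checklist.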
  @@ -296,11 +299,11 @@
         </li>
   
         <li>
  -        <strong>Can we successfully become the target program and
  -        execute?</strong> 
  +        <strong>Can we successfully become the target CGI/SSI program
  +        and execute?</strong> 
   
           <p class="indent">
  -          Here is where suEXEC ends and the target program begins.
  +          Here is where suEXEC ends and the target CGI/SSI program begins.
           </p>
         </li>
       </ol>
  
  
  
