httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: SetUID once again
Date Sat, 30 Mar 1996 17:58:53 GMT
> Randy Terbush wrote:
> > 
> > I'm including for review a set of patches made against the current
> > cvs repository for some changes that were sent to me from
> > Michael Kutzner.
> 
> Hello again, I haven't dissappeared, just been _very_ busy.  I am still 
> interested in the SetUID patches, and have been testing and playing with
> them.  
> From a maintainable point of view, I think the UID-based-on-permissions is a 
> better approach.  If you have anything new to test right now, toss me a
> line and 

I tend to agree especially since I have it working. Changing to a 
wrapper approach means time that I don't really have. On the otherhand
porting the changes to every new version of Apache is taking time
also.

I don't understand why a runtime option to enable this is not palatable
to the group. It's really no more dangerous than giving me the ablility
to forget to disable 'AllowOverides', or the ablitity to load binary modules.

I'm running in a chroot'ed environment (or soon will be). The added
overhead of exec'ing twice instead of once is unnecessary from my
point of view.

I'm in the process of setting up a new Solaris machine and will need
to address this issue sometime this weekend. It would be wonderful
to hear some other support for including this. Otherwise, I'll probably
take the other path of a wrapper.









Mime
View raw message