httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: suEXEC, son of suCGI.
Date Mon, 29 Jul 1996 14:38:58 GMT

> > > 	* paranoia() routine within server
> > Regarding additional checks in the server, I'm not sure that execution
> > with the wrapper would benefit much from additional checks. I do think
> > though that other checks for non-setuid behavior could be justified.
> > RST convinced me to take these out of the "centralized exec" changes,
> > and I have seen the benefits.
> 	IMHO, there is one MAJOR benefit from having at least a few checks
> internal to the server.  That is: if the file in grossly invalid in some
> way, don't even execute the setuid layer.  This should prove to be
> big-time efficient, causing fewer exec calls in general.
> Jason

This _is_ true and was my original justification for having checks in
the server. However, it does beg the question if it is worth degrading
execution of acceptable CGI to prevent ultimately failed execution of
unacceptable CGI by the wrapper. Someone more in tune with the overhead
of stat() should comment. I know it's not trivial.

View raw message