httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: suEXEC, son of suCGI.
Date Mon, 29 Jul 1996 16:49:43 GMT
> On Mon, 29 Jul 1996, Jason A. Dour wrote:
> 
> > 1.  At startup (and at SIGHUP?), the server checks for the suexec binary,
> > as DEFINEd at compilation.  If it exists, is owned by root, and is
> > setuid'd, it enables suexec.  It any of these checks fail, it disables
> > suexec.
> > 
> > 2.  When call_exec is executed, it checks to see if suexec is enabled.  If
> > not, it will behave per Apache norm.  If so, then it continues...
> 
> At this point, I would suggest having a flag that sets what happens at #2.
> I'd rather be able to tell the server to run scripts in suexec mode *only*
> or not at all; while others would want it to fall back to the default.  This
> should not be too hard for it to do:
> 
> if (!secure_exec_mode) {
>   if (secure_exec_mode_only)
>     error out;
>   else
>     continue with apache norm;
> }
> 
> 
> Michael Douglass

How would you suggest doing this?

Commandline flag?
Config directive?
Special filename for the wrapper?





Mime
View raw message