> On Mon, 29 Jul 1996, Jason A. Dour wrote:
>
> > 1. At startup (and at SIGHUP?), the server checks for the suexec binary,
> > as DEFINEd at compilation. If it exists, is owned by root, and is
> > setuid'd, it enables suexec. It any of these checks fail, it disables
> > suexec.
> >
> > 2. When call_exec is executed, it checks to see if suexec is enabled. If
> > not, it will behave per Apache norm. If so, then it continues...
>
> At this point, I would suggest having a flag that sets what happens at #2.
> I'd rather be able to tell the server to run scripts in suexec mode *only*
> or not at all; while others would want it to fall back to the default. This
> should not be too hard for it to do:
>
> if (!secure_exec_mode) {
> if (secure_exec_mode_only)
> error out;
> else
> continue with apache norm;
> }
>
>
> Michael Douglass
How would you suggest doing this?
Commandline flag?
Config directive?
Special filename for the wrapper?
|