httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: Oops explained
Date Wed, 10 Jul 1996 16:26:30 GMT
-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 10 Jul 1996, Randy Terbush wrote:
> > As a matter of interest, what technique are you using in the end to soothe our
> > security fears?
. . .
> I'm sure that Jason will have some other things to add to this, and
> I prefer not to start that security debate all over again (yet). I think
> that Jason plans to have the per/UserDir stuff ready for presentation
> any day now. It would be relatively easy to provide a patch to centralize
> the exec code without enabling the wrapper aspect.

	UserDir (with some help from Randy on the internals) will be ready
for review anyday...I promise.  Soon, we'll have for your review suCGI
capabilities for VHosts and UserDirs.  At that point, the suCGI project
will be about 50% done by accomplishing 2 of its 4 goals.  The other two
are Directories and Locations. 

	In regards to security...at the time Randy and I present it to the
group, I'll be providing a complete text of the logic for the code
involved with the setuid operations.  We've beefed up the paranoia pretty
well, IMHO, and I'm documenting everything we're checking as we go along. 

	I agree that we shoud centralize http_exec ASAP.  It will only
make all our lives easier.  8)  Randy, can you do that?

Jason
+ Jason A. Dour                       jad@bcc.louisville.edu               +
| Programmer Analyst II               http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMePZuJo1JaC71RLxAQGTTgQAplh2Mb0A/D2RH1sy6L5+M2/8xfshbrcc
EBaJ2m7ucNVFBv+g3SBCrH638x2o5NNa7spSEMSiF+TwC/n2ltlzt9mvzfN8z2QD
eDW8wVU61Y7CqkJQoFNYZH01HIbvgRcA3T9JOoB+qnVoTV5GWOueQrnJZNVnpITW
oL/XkPrx0Oo=
=qxld
-----END PGP SIGNATURE-----


Mime
View raw message