httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: suEXEC, son of suCGI.
Date Mon, 29 Jul 1996 14:19:19 GMT
-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 29 Jul 1996, Randy Terbush wrote:
> Actually, I purposely placed the call to init_suexec() before child_main()
> which if I understand correctly will prevent the server from being SIGHUP'd
> to detect a newly installed setuid wrapper.

	Oh...yeah...you told me that.  Insert sheepish grin here.  8)

> > 	* paranoia() routine within server
> Regarding additional checks in the server, I'm not sure that execution
> with the wrapper would benefit much from additional checks. I do think
> though that other checks for non-setuid behavior could be justified.
> RST convinced me to take these out of the "centralized exec" changes,
> and I have seen the benefits.

	IMHO, there is one MAJOR benefit from having at least a few checks
internal to the server.  That is: if the file in grossly invalid in some
way, don't even execute the setuid layer.  This should prove to be
big-time efficient, causing fewer exec calls in general.

Jason
+ Jason A. Dour                       jad@bcc.louisville.edu               +
| Programmer Analyst II               http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfzIa5o1JaC71RLxAQHFIAP8DdxGIJXQN5DqKrhjdq2b3G3r0z0W83J3
1TiYHkVjA3hEOFnfqO2qEl+w6ntxCUae7kWjiZkvlmIAvW4LVjvA2hUXz131c+EP
uu2O0FsQMGlTMcgP9rX+zI3OMxU3cCoiBlp2c9xFi6gUmoBd7HdvJi6xC+zB7TWg
/WdsEbrYxxo=
=2u2H
-----END PGP SIGNATURE-----


Mime
View raw message