httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Douglass <miked...@texas.net>
Subject Re: suEXEC, son of suCGI.
Date Mon, 29 Jul 1996 16:18:27 GMT
On Mon, 29 Jul 1996, Jason A. Dour wrote:

> 1.  At startup (and at SIGHUP?), the server checks for the suexec binary,
> as DEFINEd at compilation.  If it exists, is owned by root, and is
> setuid'd, it enables suexec.  It any of these checks fail, it disables
> suexec.
> 
> 2.  When call_exec is executed, it checks to see if suexec is enabled.  If
> not, it will behave per Apache norm.  If so, then it continues...

At this point, I would suggest having a flag that sets what happens at #2.
I'd rather be able to tell the server to run scripts in suexec mode *only*
or not at all; while others would want it to fall back to the default.  This
should not be too hard for it to do:

if (!secure_exec_mode) {
  if (secure_exec_mode_only)
    error out;
  else
    continue with apache norm;
}


Michael Douglass
Texas Networking, Inc.

  "To be a saint is to be an exception; to be a true man is the rule.
   Err, fail, sin if you must, but be upright.  To sin as little as
   possible is the law for men; to sin not at all is a dream for angels."

              - Victor Hugo, "Les Miserables"


Mime
View raw message