Received: by taz.hyperreal.com (8.6.12/8.6.5) id JAA07179;
 Mon, 29 Jul 1996 09:18:32 -0700
Received: from millenium.texas.net by taz.hyperreal.com (8.6.12/8.6.5) with
 ESMTP id JAA07171; Mon, 29 Jul 1996 09:18:30 -0700
Received: from localhost (mikedoug@localhost) by millenium.texas.net
 (TXNet/TXNet) with SMTP id LAA13444 for <new-httpd@hyperreal.com>;
 Mon, 29 Jul 1996 11:18:28 -0500 (CDT)
Date: Mon, 29 Jul 1996 11:18:27 -0500 (CDT)
From: Michael Douglass <mikedoug@texas.net>
To: new-httpd@hyperreal.com
Subject: Re: suEXEC, son of suCGI.
In-Reply-To: <Pine.LNX.3.93.960729072417.388A-300000@curie.bcc.louisville.edu>
Message-ID: <Pine.SUN.3.94.960729111622.29607W-100000@millenium.texas.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On Mon, 29 Jul 1996, Jason A. Dour wrote:

> 1.  At startup (and at SIGHUP?), the server checks for the suexec binary,
> as DEFINEd at compilation.  If it exists, is owned by root, and is
> setuid'd, it enables suexec.  It any of these checks fail, it disables
> suexec.
> 
> 2.  When call_exec is executed, it checks to see if suexec is enabled.  If
> not, it will behave per Apache norm.  If so, then it continues...

At this point, I would suggest having a flag that sets what happens at #2.
I'd rather be able to tell the server to run scripts in suexec mode *only*
or not at all; while others would want it to fall back to the default.  This
should not be too hard for it to do:

if (!secure_exec_mode) {
  if (secure_exec_mode_only)
    error out;
  else
    continue with apache norm;
}


Michael Douglass
Texas Networking, Inc.

  "To be a saint is to be an exception; to be a true man is the rule.
   Err, fail, sin if you must, but be upright.  To sin as little as
   possible is the law for men; to sin not at all is a dream for angels."

              - Victor Hugo, "Les Miserables"