httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Time's a wastin'
Date Tue, 24 Sep 1996 16:41:52 GMT
Jason A. Dour wrote:
> On the topic of mods to sucgi.c...go ahead and send specifics of what
> you're thinking about to me and Randy...
> Now...
> You seem to be approaching the suEXEC issue from an angle with which I am
> totally unfamiliar.  Most servers have 644 or 755 permissions on their
> related files...HTML...CGI...  I really don't see why world execute is a
> problem.  World execute is only a problem if the file is setuid...which
> with the suEXEC model, it is not.

The can_exec() stuff is totally seperate from the suexec() stuff.
It's a fact of life that some servers and setups will have the
httpd "user" be a member of more than one group for whatever reason.
It's allowed by the OS, and Apache should honor that. Whether suexec()
exists or not, the Apache process should check the entire group-list
of the Apache user in can_exec().

Jim Jagielski  << >>   |   "If we took the bones out
  **  jaguNET Access Services  **      |    then it wouldn't be crunchy"
      Email:          |            Whizzo Crunchy Frog
++         +++      Voice/Fax: 410-931-3157       ++

View raw message