httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: last post on suexec tonight, I swear
Date Mon, 11 Nov 1996 22:27:40 GMT
-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Nov 1996, Jim Jagielski wrote:
> > 	Why?  The server does this.  If it cannot find the file specified
> > by the server in the cwd, then it fails.  If there's a way to exploit this
> > setup, let me know...but right now a chdir seems unnecessary.
> 
> This is an incredible convenience when running user's cgi-scripts.

	Umm.  The server already does this as well.  If it isn't then the
code has changed from the last time I've seen it...

	Regardless of ~userdir or not, the server *should* chdir()
*before* suEXECing...that's the design Randy and I had implemented.

Jason
# Jason A. Dour <jad@bcc.louisville.edu>                            1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoeoYJo1JaC71RLxAQGkRQP+JzKEQdWRbXPMFuuROiSQh5Y8Gw0r1xBb
5PZK7tcdOmSHcbKYZq5/2Oe29ox1J7Oi9tCeHEXPqBz1foewfp4+/njzJreZBLz0
uKxPh9gicLeFFuKJacy58BnCKA63SoELHQFGYZlx2BENgRbOsxQ5vZznP12Y4361
6kW7fb4h9Us=
=f5d3
-----END PGP SIGNATURE-----


Mime
View raw message