httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jake Buchholz <j...@execpc.com>
Subject Re: suexec concerns
Date Fri, 03 Jan 1997 22:07:10 GMT
Marc Slemko had previously stated:
> Heck, take the typical silly system with lots of bin owned binaries.  What
> is bin's home directory on your system?  "/"?  "/bin"?  "/usr/bin"?  Cool,
> as HTTPD_USER do:
> 
> 	cd /bin
> 	/path/to/suexec \~bin bin sh
> 
> bin looses.
 
Or 'loses' even...  This is by no means a complete solution to the problem
at hand, but if run interactively, there should be a tty available to suexec;
if run from apache, it shouldn't...  Of course, there's ways around that
too....  Hm.  Regardless, suexec probably shouldn't be executable from the
command line.

-- 
Jake Buchholz                                      http://www.execpc.com/~jake
Exec-PC Internet Systems Administrator                         jake@execpc.com

Mime
View raw message