httpd-dev mailing list archives

From Randy Terbush <>
Subject Re: and now back to snprintf
Date Tue, 14 Jan 1997 14:19:39 GMT
> On Mon, 13 Jan 1997, Randy Terbush wrote:
> > > Anyone want to expand on the suexec docs and warnings?
> > 
> > Don't worry about the suexec docs. I would appreciate it if someone
> > other than me could make some changes, but if not, I will see that
> > it gets done by the next beta.
> 	I'll help, but I'm swamped at the mo'.  Class started last night,
> just adding one more thing to the pile.  I'll try to take a fresh look at
> the dox this weekend.
> 	What's the status of your latest patch, Randy?  May I finish up my
> work and submit the patch for the enviro and CLA changes?
> Jason

I mailed you a copy of the patch last week. I committed it this past
weekend including your changes.  From CHANGES:

  *) Several security enhancements to suexec wrapper. It is _highly_
     recommended that previously installed versions of the wrapper
     be replaced with this version.  [Randy Terbush, Jason Dour]

        - ~user execution now properly restricted to ~user's home
          directory and below.
        - execution restricted to UID/GID > 100
        - restrict passed environment to known variables
        - call setgid() before initgroups() (portability fix)
        - remove use of setenv() (portability fix)
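
Added example, not part of the original message and not the suexec source: a C sketch of two items from the CHANGES entry above, passing on only known environment variables and refusing target UID/GID values that are not above 100. The allow-list contents and the names safe_env, env_allowed, clean_env, id_permitted and MIN_ID are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Assumed allow-list for illustration; not the wrapper's actual list. */
static const char *const safe_env[] = {
    "PATH_INFO", "QUERY_STRING", "REMOTE_ADDR", "REQUEST_METHOD", NULL
};
#define MIN_ID 100u /* threshold from the CHANGES entry: UID/GID > 100 */

/* An entry passes only if the text before '=' exactly matches a listed name. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t i, n = eq ? (size_t)(eq - entry) : 0;
    if (n == 0)
        return 0; /* no '=' at all, or an empty name */
    for (i = 0; safe_env[i] != NULL; i++)
        if (strlen(safe_env[i]) == n && strncmp(entry, safe_env[i], n) == 0)
            return 1;
    return 0;
}

/* Returns a malloc'd NULL-terminated array of allowed entries, or NULL. */
char **clean_env(char *const envp[], size_t *kept)
{
    size_t n = 0, k = 0, i;
    char **out;
    while (envp[n] != NULL)
        n++;
    out = malloc((n + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (i = 0; i < n; i++)
        if (env_allowed(envp[i]))
            out[k++] = envp[i]; /* pointers alias the caller's strings */
    out[k] = NULL;
    *kept = k;
    return out;
}

/* Refuse low-numbered target IDs, which include root (0). */
int id_permitted(uid_t uid, gid_t gid) { return uid > MIN_ID && gid > MIN_ID; }

int main(void)
{
    char *sample[] = { "PATH_INFO=/x", "LD_PRELOAD=/tmp/x.so", "IFS=.", NULL }; /* constructed */
    size_t kept = 0;
    char **out = clean_env(sample, &kept);
    if (out == NULL)
        return 1;
    printf("kept %lu of 3; uid 99 permitted: %d\n", (unsigned long)kept, id_permitted(99, 1000));
    free(out);
    return 0;
}
```

Building a fresh array from an allow-list, rather than deleting known-bad names, means a variable nobody thought to list is dropped by default.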
