httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: doc patches for symlinked logfile warnings
Date Sun, 05 Jan 1997 03:44:56 GMT
On Sat, 4 Jan 1997, Jim Jagielski wrote:

> Marc Slemko wrote:
> >   
> >   All the CGI scripts will run as the same user, so they have potential to
> >   conflict (accidentally or deliberately) with other scripts e.g. User A hates
> > ! User B, so he writes a script to trash User B's CGI database.  One
> > ! program which can be used to allow scripts to run as different users is 
> > ! <A HREF="../suexec.html">suEXEC</A> which is supported directly by
> > ! Apache.  Another popular way of doing this is with 
> > ! <A HREF="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</A>.  <P>
> >   
> 
> Is suexec really "directly" supported by Apache (ie: the group itself
> is "responsible" for it?

I meant Apache the web server, not Apache the group.  Things may change so
that instead of directly supporting suexec in the server there is an API
to support any wrapper, but the way things are now the server has code
that is designed strictly for running suexec. 

Perhaps "which is called from special hooks in the Apache server code" 
would be better wording.

I think that saying "we provide an API and whatever wrappers people send
us; all we are responsible for is the wrapper" is simply shifting the
blame.  Like it or not, no matter what disclaimer you put there if you
include something in the apache distribution there is some sort of
implication that it works in some way and that it has some association
with Apache.  I really think we should make suexec secure (but, at least
for now, minimalist), support it, and include pointers to any other
scripts that people submit.  I don't think that just providing an API and
a whole mess of unsupported scripts is a good solution.



Mime
View raw message