httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <>
Subject suEXEC API.
Date Sun, 05 Jan 1997 01:02:29 GMT

Ya know, Jim has a great point.  Personally, I think we should just solve
the whole suEXEC issue right now with final discussion of a suEXEC API.

It would certainly solve the whole issue real quickly...  I propose the

	* Leave the server code as it it the API.  When a
          wrapper program (as DEFINEd in source code) is present, then
          Apache will pass CGI requests to it when the User/Group for a
          VHost are different from the HTTP_USER/HTTP_GROUP, or when a
          ~userdir request is made.  It then hands the request to the
	  DEFINEd wrapper:

	/path/to/wrapper <[~]username> <groupname> <command> <args ...>

	* We provide a wrapper/ subdirectory in the support/ directory
          that will contain all submitted wrappers.  The user may choose
          the wrapper of their choice.

	* In the docs, make a caveat emptor: "If you use a wrapper, be
          aware you could be opening yourself up to cracker attempts.
          The Apache Group can make no claims of security beyond the
          call to the wrapper program; after that point it is up to the
          author of the wrapper code.  USE WITH EXTREME CAUTION."

I think this will be about the only way we'll make anyone happy.  AND it
will free us up to move ahead on the release of 1.2 -- which, BTW, A LOT
of people are jonesing for...  We could continue to argue in circles
forever on this wrapper issue, or we could solve the few other small
problems 1.2 has and move on to 2.0.

# Jason A. Dour <>                            1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.

Version: 2.6.2


View raw message