httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Neulinger <>
Subject Re: suexec concerns
Date Sat, 04 Jan 1997 16:21:56 GMT
>I personally think it would be a Good Idea if suExec could be made
>as cgiwrap-like as possible, maybe by a compile-time selection. This
>includes forcing ~/public_html/cgi-bin restrictions and the like.
>I know Nathan is following this group and think a "merger" of
>suexec and cgiwrap for Apache would be good (of course, a
>standalone cgiwrap would still be needed for the unenlightened).
>cgiwrap is really designed around user's cgi-scripts, whereas I
>think that the focus for suexec has not been... At least, I don't
>think that it's been used in a cgiwrap-like way, since it assumes
>a "central location" for scripts.
>Nathan, comments?

Hmm... Well, what I'd almost like to see is some way of making cgiwrap
itself usable as the wrapper portion.

The big thing that suexec does that cgiwrap wasn't really designed for is
cgi-scripts directly in user dirs (i.e. using the .cgi extension and an
addtype). Whenever the directory that is being used for the cgi scripts
themselves is isolated, cgiwrap can be used without much trouble.

	o. a user's ~/public_html/cgi-bin directory.
	o. a virtual server's cgi-bin directory.

What sort of changes/modifications to cgiwrap did you have in mind. I'm
working on the 3.6 release... (slowly, but it is coming along.) So if there
are changes that could be made, that would move toward making it combine
some of the better capabilities of suexec and cgiwrap, I'd be happy to look
into putting them in.

Other than the way that the information is passed to suexec, cgiwrap could
function (for user dirs w/ public_html/cgi-bin) similarly to suexec. The
difference is that cgiwrap figures out who the script should run as from
the script itself.

One very easy way that cgiwrap could be modified to work with suexec type
execution would be to just add another information-passing mechanism.
Currently, cgiwrap checks for "/~user/scriptpath", "/user/scriptpath",
"cgiwrap?user=user&script=scriptpath". Adding another method, such as
passing the user and script in through a pair of very specific environment
variables would also work.

Let me know some specific ideas as to what you'd like to do.

-- Nathan

Nathan Neulinger                  Univ. of Missouri - Rolla
EMail:                  Computing Services
WWW:      SysAdmin:

View raw message