httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: Question for the development team
Date Wed, 13 Aug 1997 17:52:32 GMT
It could but it doesn't.  One large reason being that most people are too
stupid to setup the chroot()ed environment properly so we would have
zillions of people whining about it not working right.

There is a lot more suexec could do.  Implementing some of it requires...
more thought.

On Wed, 13 Aug 1997, sameer wrote:

> seems to me like suexec would be able to chroot. I don't know though.
> 
> > 
> > Would someone closer to the suexec scene care to followup?  I'm pretty sure
> > there's not, but if not, I'd like to suggest a preferred way we'd like to
> > see it done, if he's interested in developing a patch...
> > 
> > 	Brian
> > 
> > >Date: Wed, 13 Aug 1997 10:41:43 -0500
> > >From: Ben Miller <bgmiller@dccinc.com>
> > >X-Mailer: Mozilla 3.01 (Win95; I)
> > >To: brian@organic.com
> > >Subject: Question for the development team
> > >
> > >Brian, I got your name from the Apache web site and I'm hoping that you
> > >will be able to help answer a question.  I am looking to be able to run
> > >CGI scripts in the most secure fasion possible.  I have read all the
> > >docs on suEXEC and it seems that there is a major security advantage
> > >missing from the apache CGI handling capability.  This may be an
> > >intentional ommission but I have to ask.  Is there a way currenlty or in
> > >development to have the suEXEC wrapper do a chroot to provide a file
> > >system level security for each virtual server.  In other words if they
> > >want to put a messy CGI script up and it screws up or is hacked it can
> > >only ever affect the directory and files of the virtual server.
> > >	Thanks in Advance,
> > >		Ben Miller
> > >
> > --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> > "Why not?" - TL           brian@organic.com - hyperreal.org - apache.org
> > 
> 
> 
> -- 
> Sameer Parekh					Voice:   510-986-8770
> President					FAX:     510-986-8777
> C2Net
> http://www.c2.net/				sameer@c2.net
> 


Mime
View raw message