httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manoj Kasichainula <man...@io.com>
Subject Re: apaci
Date Sat, 25 Apr 1998 20:52:22 GMT
On Sat, Apr 25, 1998 at 08:11:52PM +0200, Ralf S. Engelschall wrote:
> Adding or just activating third-party modules, enabling suEXEC
> feature, all-in-one "make install"

Hmm, this brings up a possible concern. From manual/suexec.html:

   Fourth, and last, it has been the decision of the Apache Group to NOT 
   make suEXEC part of the default installation of Apache. To this end,  
   suEXEC configuration is a manual process requiring of the
   administrator careful attention to details. It is through this process
   that the Apache Group hopes to limit suEXEC installation only to those
   who are determined to use it.

Has this changed? Another possible concern is that some of the default
config parameters for suEXEC may not be valid all on platforms, which
could lead to possible security holes. For example, UID_MIN and
GID_MIN should be set to 500 for Red Hat Linux systems. I don't see a
way offhand to set these parameters.

-- 
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/
"People who live in glass houses should get dressed with the lights
out." - Yakko Warner

Mime
View raw message