httpd-dev mailing list archives

From Marc Slemko
Subject Re: suEXEC alternative. Please comment.
Date Wed, 09 Sep 1998 19:58:25 GMT
On Wed, 9 Sep 1998, Ben Laurie wrote:

> > Then, that wrapper can also do special things for files that are setuid to
> > a particular user.
> > 
> > The issue here is that you end up placing a whole lot of faith in the
> > assumption that there are no other security holes in the server or other
> > ways to do things as xxx, which is a bad assumption.
> Well, it's a better assumption than the current suEXEC model, isn't it?

Yes and no.

The current assumption is that anyone can compromise the user the web
server runs as, so it is silly to base any security on that.

That is a better assumption in some ways, but it is more restricted in
some ways. 
