httpd-dev mailing list archives

From: Marc Slemko
Subject: Re: Contribution: SuEXEC Options
Date: Sat, 14 Nov 1998 20:47:26 GMT

On Sat, 14 Nov 1998, Oezguer Kesim wrote:

>   - util_script.c is changed so that it calls suEXEC like in the two cases
>     in the original source (i.e. ~user or <Virtualhost> with UID and GID
>     set) and now also when `SuExec' is set for this <Directory>.
>     Also, create_argv() has been changed.  All Options set for a specific
>     <Directory> are given as command-line arguments to suEXEC.

suexec is designed so it does not trust anything passed to it on the
command line, but verifies it all itself.  What stops anyone else who can
get access to the user Apache runs as from calling suexec with whatever 
arguments they want in your case?
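
The design point in the reply above, as an added example that is not part of the original message and is not suexec's source: a wrapper that believes a flag passed by its caller next to one that decides only from facts it checks itself. `MIN_UID`, `struct request` and all function names are hypothetical, chosen for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define MIN_UID 100  /* hypothetical policy floor, constructed for this example */

/* What the caller puts on the command line: all of it is untrusted. */
struct request {
    uid_t target_uid;       /* account the caller wants to run as */
    const char *cmd;        /* program the caller wants executed */
    int says_dir_allows;    /* caller's claim that the config permits this */
};

/* Naive wrapper: takes the caller's word for what the config allows. */
int naive_allows(const struct request *r) {
    return r->says_dir_allows;
}

/* Reject absolute paths and any ".." path component. */
static int cmd_is_safe(const char *cmd) {
    size_t n;
    if (cmd == NULL || cmd[0] == '\0' || cmd[0] == '/') return 0;
    n = strlen(cmd);
    if (strcmp(cmd, "..") == 0 || strncmp(cmd, "../", 3) == 0) return 0;
    if (strstr(cmd, "/../") != NULL) return 0;
    if (n >= 3 && strcmp(cmd + n - 3, "/..") == 0) return 0;
    return 1;
}

/* Verifying wrapper: ignores says_dir_allows and decides only from facts
 * it establishes itself. st is what the wrapper obtained from lstat(). */
int verified_allows(const struct request *r, const struct stat *st) {
    if (r->target_uid < MIN_UID) return 0;            /* no system accounts */
    if (!cmd_is_safe(r->cmd)) return 0;               /* stay under docroot */
    if (!S_ISREG(st->st_mode)) return 0;              /* no symlinks or dirs */
    if (st->st_uid != r->target_uid) return 0;        /* owner must match */
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;  /* not writable by others */
    if (st->st_mode & (S_ISUID | S_ISGID)) return 0;  /* no setuid/setgid */
    return 1;
}

/* Same decision, with the wrapper doing its own lstat() on the command. */
int verified_allows_path(const struct request *r) {
    struct stat st;
    if (r->cmd == NULL || lstat(r->cmd, &st) != 0) return 0;
    return verified_allows(r, &st);
}
```

A caller running as the web server account can set `says_dir_allows` to anything, so only the checks in `verified_allows` constrain what gets executed.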
