httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Shea <s...@gtsdesign.com>
Subject Re: Contribution: SuEXEC Options
Date Mon, 16 Nov 1998 17:19:27 GMT
On Sun, 15 Nov 1998, Oezguer Kesim wrote:
> I think, it would be sufficent to have a simple Option "SuExec" per
> <Directory> and <Location>.  The rest could be handled over suexec.conf --
> both, my approach and your uid/gid-pair (maybe you also want following
> symlinks in some cases? hint, hint!)
> 
>   cheers,
>     oec

That would do the job, and would be easiest to support for the
apache folks.  A couple of questions we might want to come
up with answers for:

-- In the docs for Option we find:
    All 
	  All options except for MultiViews. This is the default setting. 
    That's clearly not what we want with SuEXEC.  Should we create a new
    keyword to avoid fouling up the Option semantics, or maybe suggest:
    All 
	  All options except for MultiViews and SuEXEC.
	  This is the default setting. 

-- is the Option SuEXEC (or whatever semantics we end up using)
    approach compatible with the current suexec?  I think it is,
    in that as far as I can see no security holes get opened;
    on the other hand, Option SuEXEC makes no sense at all unless
    there is a 'second generation' suexec out there that can
    really take advanage of it.  Could be confusing for apache
    maintainers.

I'm not sure what answers I prefer for these questions.


Mime
View raw message