httpd-dev mailing list archives

From Raymond S Brand <r...@rsbx.net>
Subject Re: [PATCH] "responsible party" for requests.
Date Thu, 06 May 1999 21:46:04 GMT
Aidan Cull wrote:
> 
> In an effort to make this a slightly easier discussion for people
> to get involved in, let me explain what the SuEXEC-related changes
> are supposed to do..
> 
...
> 
> I'd like to know that I solved this PR in a good way..  Can
> someone else that uses SuEXEC please look at the patch?
> 

I use suexec and, at a previous employer, needed something similar
to what you seem to be wanting to do. I've looked at the patch,
though not tried it.

Current Apache/suexec behavior is to execute the CGI as User:Group
from the config files or as UID:GID of the user from the passwd file.

The patched behavior adds execution as UID:GID of the file to execute.
The difference is the GIDs and the new behavior is a setGID script.
This I see as a security hole.

Raymond S Brand
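
The difference described in the message above, as an added example that is not part of the original message or the patch: a Python check that compares each CGI file's group with its owner's primary group from passwd and reports the GID a script would gain if run as the file's UID:GID. The function names are hypothetical, and the `lookup` parameter is an assumption added so the check can be exercised without a real passwd database.

```python
import os
import pwd
from typing import Callable, List, NamedTuple, Optional


class Identity(NamedTuple):
    uid: int
    gid: int


def passwd_identity(uid: int, lookup: Callable = pwd.getpwuid) -> Optional[Identity]:
    """UID:GID the passwd database gives for this user (primary group)."""
    try:
        entry = lookup(uid)
    except KeyError:
        return None
    return Identity(entry.pw_uid, entry.pw_gid)


def gid_gained(file_id: Identity, lookup: Callable = pwd.getpwuid) -> Optional[int]:
    """GID a script gets from running as the file's UID:GID but not from
    running as its owner's passwd UID:GID; None when the two agree."""
    owner = passwd_identity(file_id.uid, lookup)
    if owner is None:
        # Owner unknown to passwd: the file's group is the only group source.
        return file_id.gid
    return file_id.gid if file_id.gid != owner.gid else None


def audit_tree(root: str, lookup: Callable = pwd.getpwuid) -> List[str]:
    """Walk a CGI directory and report files whose group differs from
    their owner's primary group."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the link itself, not its target
            gid = gid_gained(Identity(st.st_uid, st.st_gid), lookup)
            if gid is not None:
                findings.append(f"{path}: uid={st.st_uid} would run with gid={gid}")
    return findings


if __name__ == "__main__":
    import sys
    for line in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```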
