httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Harris" <dhar...@drh.net>
Subject RE: RedHat RPM enables suexec by default?
Date Tue, 26 Oct 1999 00:08:20 GMT

Marc Slemko wrote:
> Does anyone know if this is true?
>
> If so, it seems... well... somewhat questionable to me.

I don't see that in the Red Hat 6.0 Apache RPM:

# rpm -q apache
apache-1.3.6-7
# rpm -ql apache | grep suexec
/home/httpd/html/manual/suexec.html
/home/httpd/html/manual/suexec_1_2.html

I agree that it would be questionable. I helped out the maintainer of the
apache-mod_ssl RPM by recommending that he distribute the RPM with the
setuid-bit on the suexec binary removed. This way a user would have to enable
it manually to be bitten.

 - David Harris
   Principal Engineer, DRH Internet Services


Mime
View raw message