httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manoj Kasichainula <>
Subject Reimplementing suexec in 2.0
Date Mon, 01 Nov 1999 08:37:06 GMT
Here's my idea on how to do it after thinking a few minutes about it.
Everything I say about users applies to groups as well.

We add a "local_uid" field to request_rec. It gets initialized with
r->server->server_uid. It can be overridden by other modules.
mod_userdir would override it in the translate_name phase. That way,
we eliminate the "/~" hack that 1.3 has.

We then add a new function ap_create_process_as_user, which gets
passed in r->local_uid. On Unix, this is implemented as a wrapper
around ap_create_process that uses suexec. NT's implementation can do
that privilege-raising magic that I've been told about; I guess the
function would need a credentials argument to make that possible.

Nothing that's too far out there. Comments?

Manoj Kasichainula - manojk at io dot com -

View raw message