httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <>
Subject Re: [PATCH] security - run mod_cgid's daemon under same user as Apache
Date Thu, 08 Jun 2000 12:34:55 GMT
> Date: Thu, 8 Jun 2000 13:27:22 +0100 (BST)
> From: James Sutherland <>
> On Thu, 8 Jun 2000, Jeff Trawick wrote:
> > Inheriting a file descriptor won't help Apache.  We want a new
> > connection per cgi request.  Apache has to do connect() for each cgi
> > request, and you can't issue connect() more than once on the same
> > socket.  At the time of the connect(), Apache must have write access
> > to the socket. 
> OK; we'll keep it owned by Apache, with rw------- permissions then?

Yep...  The cgi daemon and Apache will run under the same uid.  If
the administrators need to run cgis under a different uid, then
whether they use mod_cgi or mod_cgid they need to use suexec.  Of
course, somebody needs to help Manoj out and get the suexec code
reviewed and tested and such, and make unspecified changes so that it
works with mod_cgid.

Jeff Trawick | | PGP public key at web site:
          Born in Roswell... married an alien...

View raw message