| Message view | « Date » · « Thread » |
|---|---|
| Top | « Date » · « Thread » |
| From | Jeff Trawick <traw...@gmail.com> |
| Subject | just how bad an idea is it to specify the path to suexec binary in httpd.conf? |
| Date | Thu, 03 Nov 2005 16:38:45 GMT |
ErrorLog /etc/some-important-database LoadModule hidden_module /usr/local/viewcvs-0.9.3/pipeopen.py SuexecWrapper /www/abc.example.com/bin/suexec If random user can edit main conf file, things are pretty bad, at least when root starts Apache. Perhaps there are more current limitations on possible harm when non-root starts Apache. Any thoughts on avoiding hard-coded path to suexec? | |
| Mime |
|
| View raw message | |