httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: Patch for disabling the suexec stuff (Patch: mod_fcgid-2.3.5-disable_suexec_check.patch)
Date Thu, 04 Nov 2010 10:51:17 GMT
On Thu, Nov 4, 2010 at 6:16 AM, Paul Howarth <paul@city-fan.org> wrote:
> On 22/10/10 13:35, Jeff Trawick wrote:
>>
>> On Fri, Oct 22, 2010 at 5:32 AM, Erik Wasser <erik.wasser@iquer.net> wrote:
>>>
>>> I've added an extra option to mod_fcgid to turn off the suexec stuff.
>>> It's useful if you want to run Apache as a non-root user and you need
>>> the speed of mod_fcgid.
>>>
>>> The default value is - of course - 0. The configuration line is very
>>> simple:
>>>
>>> [...Other Fcgid options...]
>>> FcgidDisableSuexecCheck 1
>>> [...]
>>
>> This should just work out of the box.  We need to check if mod_fcgid
>> is behaving differently than other modules (e.g., mod_cgid), or if
>> general behavior is just busted.  I'll try to look into this "soon"
>> unless someone else reports back.
>
> Not being able to turn off suexec in mod_fcgid has been a long-standing
> issue in Fedora:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=523903
>
> Is there any chance of Erik's patch or something similar being in the
> upcoming release?

The one rolled today?  No.  (But we should have more frequent releases anyway.)

IMO this goes in mod_unixd (trunk) or os/unix/unixd.c (older releases)
to override the usual suexec enablement.  Something like

Suexec On    # startup fails if suexec isn't usable
Suexec Off    # suexec disabled even if usable

(I suspect some small trick is needed with this since, at least in
trunk, the determination is made in a pre-config hook.  Is that what
EXEC_ON_READ is for?  Maybe there are other surprises.)
