httpd-dev mailing list archives

Subject Re: Suexec permissions question
Date Mon, 29 Feb 2016 16:51:35 GMT
On 2016-02-29 06:06, Jim Jagielski wrote:
> First of all, the idea is that the admin "trusts" whatever users are
> allowed to use suexec. It's also understood that the risk associated
> is directly related to how well tied-down the user account itself
> is.

It's more of a first-past-the-door situation.  By definition, any
suexec-ed file will have at least one daemon-modifiable executable,
and one daemon-modifiable folder available to be exploited.  That's
taking "trust" farther than strictly necessary.
