httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] changing suexec settings
Date Tue, 02 Dec 2003 18:21:17 GMT

On Mon, 1 Dec 2003 Shen.Yang@ny.frb.org wrote:

> The idea occurred to me as you can see in my original e-mail.
> It just strikes me that it seems there isn't a more flexible and less time
> consuming way to change the suexec settings without having to re-install
> the entire apache in a dummy directory. Although security should not be
> taken lightly, the current way to modify the suexec settings is kind of
> inflexible.

As has been pointed out, you don't need to reinstall apache.  You only
need to recompile and then pick the suexec binary out of the support/
directory.

suexec is a suid root binary.  This is about the most dangerous type of
program that you can run.  It is therefore inflexible *by design* to
prevent bad things from happening.

Unfortunately, flexibility and security are sometimes inversely related.
And with suexec, security must win.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message