httpd-users mailing list archives

From Alexander Kolesnik <apache-li...@abisoft.biz>
Subject Re[4]: [users@httpd] suexec improvement suggestion
Date Fri, 20 May 2005 15:27:37 GMT
>> Could you please tell what security implications do you mean? And
>> what's the difference between original suexec's security and the one I
>> suggested?

> I can't say that I'm a real expert here either, but one important
> issue is that you would need to remove an suexec security check:
> suexec runs files only under the userid of their owner. Removing
> this check wouldn't automatically lead to a problem -- you'd still
> need to compromise the httpd user -- but it gets you one step closer.

I don't see problems here if suexec will extend this restriction to
any non-root user (or any non-special user, like bin, etc). If you see
them, please, tell me.

As far as I understand, this improvement will not affect suexec's
simplicity and security.

-- 
Best regards,
 Alexander

