httpd-users mailing list archives

From Alexander Kolesnik
Subject Re[4]: [users@httpd] suexec improvement suggestion
Date Fri, 20 May 2005 15:27:37 GMT
>> Could you please tell what security implications do you mean? And
>> what's the difference between original suexec's security and the one I
>> suggested?

> I can't say that I'm a real expert here either, but one important
> issue is that you would need to remove an suexec security check:
> suexec runs files only under the userid of their owner. Removing
> this check wouldn't automatically lead to a problem -- you'd still
> need to compromise the httpd user -- but it gets you one step closer.

I don't see problems here if suexec will extend this restriction to
any non-root user (or any non-special user, like bin, etc). If you see
them, please, tell me.

As far as I understand, this improvement will not affect suexec's
simplicity and security.

Best regards,
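
The following is an added example, not part of the original message and not code from suexec. It contrasts a wrapper policy that keeps the owner check named in the quoted reply with one that drops it and keeps only a floor on the target uid. `UID_MIN`, the function names and the extra mode checks are assumptions made for illustration.

```c
/* Added illustration; not suexec's source. UID_MIN is an assumed floor. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>

#define UID_MIN 100  /* assumption: root, bin and other system accounts sit below this */

enum verdict { ALLOW, DENY_SPECIAL_UID, DENY_NOT_REGULAR, DENY_SETID,
               DENY_WRITABLE, DENY_OWNER_MISMATCH, DENY_STAT_FAILED };

/* Strict policy: includes the owner check named in the quoted reply. */
enum verdict check_strict(uid_t target, uid_t owner, mode_t mode)
{
    if (target < UID_MIN)            return DENY_SPECIAL_UID;
    if (!S_ISREG(mode))              return DENY_NOT_REGULAR;
    if (mode & (S_ISUID | S_ISGID))  return DENY_SETID;
    if (mode & (S_IWGRP | S_IWOTH))  return DENY_WRITABLE;
    if (owner != target)             return DENY_OWNER_MISMATCH;
    return ALLOW;
}

/* Relaxed policy: the same checks, but the file owner is not compared
 * with the target uid; only the "non-special user" floor remains. */
enum verdict check_relaxed(uid_t target, uid_t owner, mode_t mode)
{
    enum verdict v = check_strict(target, owner, mode);
    return v == DENY_OWNER_MISMATCH ? ALLOW : v;
}

/* Apply either policy to a file on disk; lstat() so a symlink is not followed. */
enum verdict check_path(const char *path, uid_t target, int strict)
{
    struct stat st;
    if (lstat(path, &st) != 0) return DENY_STAT_FAILED;
    return strict ? check_strict(target, st.st_uid, st.st_mode)
                  : check_relaxed(target, st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s FILE TARGET_UID\n", argv[0]); return 2; }
    uid_t target = (uid_t)strtoul(argv[2], NULL, 10);
    printf("strict=%d relaxed=%d\n", check_path(argv[1], target, 1),
           check_path(argv[1], target, 0));
    return 0;
}
```

Under the strict policy a file owned by uid 1000 is refused for any other target uid; under the relaxed policy the same request is allowed, so the only remaining barrier is whoever is able to invoke the wrapper.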
