httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] SuExec and symlinks
Date Mon, 19 Sep 2005 12:57:01 GMT
On 9/19/05, Oscar Haeger <> wrote:
> What I'd like to know is if SuExec somehow prevents me from running scripts via
> symlinks.
> I have a webserver with SuExec installed and I'd like to be able to run scripts
> that resides in other peoples cgi-bin directories. I've tested this but haven't
> been able to get it to work.

Well, yeah.  Allowing anything symlinked to get executed by suexec
would violate the basic security model.  I agree that neither the
error message nor the docs are very explicit about this, but I think
the assumption is that security-minded people will know that a program
like suexec must forbid symlinks to do its job.

If you know a little c, then reading the suexec.c source code makes
things clear:
     * Error out if we cannot stat the program.
    if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
        log_err("cannot stat program: (%s)\n", cmd);


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message