httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] Dynamic Mass Virtual Hosting with Secure Dynamic Content is impossible?
Date Sat, 29 Jul 2006 01:20:00 GMT
On 7/28/06, <> wrote:
> Thanks for the attention Joshua...
>   Yes Ive read the other discussions (I think). I guess I assumed right
> then, Im stuck without changes to the source code? suexec cant work with
> mod_vhost_alias?


>   Regarding the UID mapping, all it would have to do would be suexec as the
> owner of the file. I wonder if that would really be insecure or inflexible
> afterall. Are users able to chown files to other users?

On some systems, yes, people can "give away" files.  Even on systems
where they can't, this would be a bad idea since people could do
malicious things to other people's accounts using their own binaries.

The more-secure solution that I was thinking of was simply hard-coding
a knowledge of the VirtualDocumentRoot into suexec so that cgi's
within a particular vhost were run under a particular userid.

As far as getting such a solution into the "mainline" apache httpd, I
guess it could be possible using a VirtualUserGroup directive, or
something of the sort.  I'd have to think more about the security
implications.  Hard-coding it into suexec would actually be more
secure, but you need to be very careful with any modification to



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message