httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Ricar <>
Subject Re: [users@httpd] suexec for another user
Date Thu, 12 Aug 2010 13:49:39 GMT
Phil Howard wrote:
> By suexec wrapper, I mean a program you write which will be placed
> where Apache expects to find suexec.  The real suexec will be moved to
> somewhere else (maybe "real-suexec" in the same directory).  Your
> program will know where it is (and probably hard code that).  Your
> program gets control instead of suexec.  Your program can examine its
> environment and decide either to not run suexec, or to run suexec (and
> how to, perhaps fabricating a new environment for it), or to do
> something else, instead (maybe bypass suexec and run programs itself).

I am no big programmer myself and I would rather not write something as
powerfull as full apache suexec replacement.

> If you want to bypass some check that suexec normally does, you can,
> as one approach, modify the environment to fake the situation such
> that the check done by suexec does not have any effect.

I could not imagine way of fabricating environment for suexec to my  needs.

> I have not programmed around suexec any, recently, so I have forgotten
> the details of how it is run or configured.  I would read the
> documentation and maybe even the source code to rediscover that (and
> also review past suexec driven CGI programs I still have around from
> when I did that).  I do not recall, right now, just what checks suexec
> does.

I need just one thing: replace others writable tests by is_in_homedir
test - suexec does not solve, who could rewrite the code, but where the
code is located. My patch is rather naive and dirty proof of concept
right now, I will polish it a bit and post here.
I just wonder how others solve this as this should be very common problem...


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message