www-apache-bugdb mailing list archives

From Greg Colyer <g...@elysium.demon.co.uk>
Subject Re: suexec/1469: suexec allows intermediate directories with unsafe permissions
Date Mon, 24 Nov 1997 13:20:00 GMT
The following reply was made to PR suexec/1469; it has been noted by GNATS.

From: Greg Colyer <greg@elysium.demon.co.uk>
To: Greg Colyer <greg@mercury.milton.house>
Cc: apbugs@apache.org
Subject: Re: suexec/1469: suexec allows intermediate directories with unsafe permissions
Date: Mon, 24 Nov 1997 12:04:38 +0000 (GMT)

 Correction to the above: a user who is not the HTTPD_USER (httpd in the
 example) is prevented from running suexec anyway, even if it is
 executable for them. So the point about file permissions is not
 important. The real aim is to hinder any hacker who breaks through
 Apache, in which case they will (or may) be the HTTPD_USER. For this
 purpose the VirtualHost _default_ and '/' comments still apply.
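
The PR is about directories that lie between the document root and the CGI program. The audit below is an added example, not code from this message or from Apache: it lists every such directory that is not owned by the expected user or is writable by group or others. Treating those two conditions as "unsafe" is an assumption, as are the function names and the constructed sample tree.

```python
import os
import stat
import tempfile

def unsafe_intermediate_dirs(docroot, target, owner_uid):
    """Return [(path, reason)] for each directory from docroot down to the one
    holding target that owner_uid does not own or that group/others can write."""
    docroot = os.path.realpath(docroot)            # resolve symlinks first
    target_dir = os.path.dirname(os.path.realpath(target))
    if os.path.commonpath([docroot, target_dir]) != docroot:
        raise ValueError("target is not inside docroot")
    rel = os.path.relpath(target_dir, docroot)
    parts = [] if rel == "." else rel.split(os.sep)
    findings, path = [], docroot
    for part in [None] + parts:                    # None = the docroot itself
        if part is not None:
            path = os.path.join(path, part)
        st = os.lstat(path)
        if st.st_uid != owner_uid:
            findings.append((path, "not owned by target user"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or others"))
    return findings

def demo(weak_mode=0o775):
    """Constructed sample: docroot/a/b/script.cgi, with 'a' set to weak_mode."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        leaf = os.path.join(root, "a", "b")
        os.makedirs(leaf)
        os.chmod(root, 0o755)
        os.chmod(os.path.join(root, "a"), weak_mode)   # the intermediate directory
        os.chmod(leaf, 0o755)                          # the directory of the program
        script = os.path.join(leaf, "script.cgi")
        open(script, "w").close()
        found = unsafe_intermediate_dirs(root, script, os.geteuid())
        return [(os.path.relpath(p, root), why) for p, why in found]

if __name__ == "__main__":
    for rel, why in demo():
        print(rel, "->", why)
```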
