www-apache-bugdb mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: suexec/1769: suexec too limited -- need per-directory control, more permissive directory structures
Date Thu, 12 Feb 1998 01:50:00 GMT
The following reply was made to PR suexec/1769; it has been noted by GNATS.

From: Dean Gaudet <dgaudet@arctic.org>
To: Gary Shea <shea@gtsdesign.com>
Cc: apbugs@apache.org
Subject: Re: suexec/1769: suexec too limited -- need per-directory control, more permissive directory structures
Date: Wed, 11 Feb 1998 17:43:36 -0800 (PST)

 On 6 Feb 1998, Gary Shea wrote:
 
 >  ScriptAlias /htd2/cgi-bin /users/src/a13b3/htd2/cgi-bin
 >  <Location /htd2/cgi-bin>
 >  <Limit GET POST>
 >  UserId          shea
 >  GroupId         users
 >  </Limit>
 >  </Location>
 
 You definitely want to lose the <Limit>/</Limit>.  Well, it will depend a
 bit on how you implemented things, but you almost never want those...
 because otherwise you're not protecting all methods.  You probably just
 want:
 
 <Location ...>
 UserID shea
 GroupId users
 </Location>
 
 As for the patch, I think we're going to have to stick this in contrib for
 now because we're not at a point in either the 1.2 or 1.3 development
 cycle where we want to make such a large change to a very security
 sensitive feature.  But thanks for contributing it. 
 
 Dean
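
An added example, not part of the original message or of Apache: a small Python check that lists every directive placed inside a `<Limit>` block, since such a directive applies only to the listed methods. The function name and the embedded sample (the quoted configuration above) are assumptions made for illustration; `UserId` and `GroupId` are the directives from the submitted patch.

```python
import re

# Constructed sample input: the quoted configuration from the message above.
SAMPLE = """\
ScriptAlias /htd2/cgi-bin /users/src/a13b3/htd2/cgi-bin
<Location /htd2/cgi-bin>
<Limit GET POST>
UserId          shea
GroupId         users
</Limit>
</Location>
"""

# "\s+" after "Limit" keeps <LimitExcept ...> from matching.
OPEN = re.compile(r"<\s*Limit\s+([^>]*)>", re.I)
CLOSE = re.compile(r"<\s*/\s*Limit\s*>", re.I)


def find_limited_directives(conf):
    """Return one finding per directive that sits inside a <Limit> block.

    Each finding is (line_number, directive_name, methods). The directive
    takes effect only for `methods`; requests using any other method are
    not covered by it.
    """
    findings = []
    methods = None  # None while outside any <Limit> block
    for lineno, raw in enumerate(conf.splitlines(), start=1):
        # Tolerate mail-quoted input by stripping leading '>' markers.
        line = raw.strip().lstrip(">").strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            methods = tuple(w.upper() for w in m.group(1).split())
            continue
        if CLOSE.fullmatch(line):
            methods = None
            continue
        if methods is not None and not line.startswith("<"):
            findings.append((lineno, line.split()[0], methods))
    return findings


if __name__ == "__main__":
    for lineno, name, methods in find_limited_directives(SAMPLE):
        print(f"line {lineno}: {name} applies only to {' '.join(methods)}")
```

Run against the suggested form without `<Limit>`, the function returns an empty list.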
 
 
