www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag Wieers <...@digibel.be>
Subject Re: suexec/1924: VirtualHosts don't work with suexec, why not simply...
Date Sun, 08 Mar 1998 23:33:09 GMT
> Synopsis: VirtualHosts don't work with suexec, why not simply...
> 
> State-Changed-From-To: open-closed
> State-Changed-By: marc
> State-Changed-When: Sun Mar  8 16:15:23 PST 1998
> State-Changed-Why:
> No, we can not do that.  It is not secure.  suexec has to
> be secure even in the case that any user can execute it.
> It is possible to extend it to allow multiple hardcoded
> documentroots.  Right now, VirtualHosts work fine if you
> put them all below a common directory.
> 
> suexec is very limited and anal on purpose; it is very easy
> to open up a lot of security risks.
thanks for the instant reply, but i don't see why it is not secure, you
can't possibly alter the environment-variable in the short time apache
loads suexec, can you ? otherwise i think that's a security-bug in apache
not suexec. multiple hardcoded documentroots needs recompiles after every
addition... using the environmentvariables (that were made for these
tasks) would make this much more flexible, i think. (or communication as
an argument is another option, although the environment is already there,
why don't suexec use it ? ;ppp)

if i'm taking away your precious time, just tell me. but i think this is
important enough to clear this out, cause i'm convinced that cgi's ran by
users are a counterspell against ASP... (and ASP is far more worse than
CGI IMHO)
                   _  _  _
----------------- |_)(-)(_- -----------------
 fn:dag wieers - http://www.sisa.be/dagmenu/
 em:dag@digibel.be                uin:363535      
---------------------------------------------
 if the human  brain were  so simple that we 
 could understand it,  we would be so simple
 we couldn't.
---------------------------------------------


Mime
View raw message