www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@hyperreal.org
Subject Re: suexec/2241: suEXEC won't execute anything not under DOC_ROOT from suexec.h
Date Sun, 17 May 1998 14:17:28 GMT
Synopsis: suEXEC won't execute anything not under DOC_ROOT from suexec.h

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Sun May 17 07:17:26 PDT 1998
State-Changed-Why:
suexec is the way it is for a reason; letting it blindly
trust the environment variable it is passed opens up a security hole
by allowing anyone who can run suexec (ie. as the user that
is defined in suexec.h) to run _any_ program anywhere on
disk, subject to the other restrictions.  This can have
very serious security implications.

Again, suexec will only execute programs under a defined
DOCUMENT_ROOT or in ~userdirs by design for security
reasons.


Mime
View raw message