www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sl...@apache.org
Subject Re: suexec/6933: suexec does not check cgi's from within the docroot (blind execution)
Date Wed, 06 Dec 2000 04:10:47 GMT
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

Synopsis: suexec does not check cgi's from within the docroot (blind execution)

State-Changed-From-To: open-closed
State-Changed-By: slive
State-Changed-When: Tue Dec  5 20:10:46 PST 2000

Yes, the suexec docs are a little sketchy.  However,
what you are asking for does not make any sense.
If the request is for the main server, not under
any vhost, then what user and group would suexec
change to?  (That is a rhetorical question ;-)

If you to use suexec on the main server, you should
configure a vhost to catch requests for the main
server and place the appropriate User and Group
directive in the vhost.

Thanks for using Apache.

View raw message