www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag Wieers <...@digibel.be>
Subject Re: suexec/1924: VirtualHosts don't work with suexec, why not simply...
Date Mon, 09 Mar 1998 01:30:00 GMT
The following reply was made to PR suexec/1924; it has been noted by GNATS.

From: Dag Wieers <dag@digibel.be>
To: Marc Slemko <marcs@znep.com>
Cc: Apache bugs database <apbugs@apache.org>
Subject: Re: suexec/1924: VirtualHosts don't work with suexec, why not simply...
Date: Mon, 9 Mar 1998 01:26:19 +0100 (CET)

 > No, the whole point is that _ANYONE_ else can execute suexec if they can
 > get access to the user Apache runs as to bypass that check.  It is not
 > acceptable for that person to be able to specify their own varilables that
 > can alter what suexec does in such a manner.  If suexec would listen to
 > what they specify, it would be possible to compromise security in many
 > cases.
 oki, you're right, suexec can be run from the prompt too, i didn't think
 of that. i'm sorry, so the only solution to work around the virtual hosts
 without recompiling once in a while is to hardcode it into apache ?
 thanks for explaining this, maybe it worthwhile to tell this in the
 suexec-documentation or in a faq, as it would have saved me (and you) some
 time...
 
 thanks,
                    _  _  _
 ----------------- |_)(-)(_- -----------------
  fn:dag wieers - http://www.sisa.be/dagmenu/
  em:dag@digibel.be                uin:363535      
 ---------------------------------------------
  if the human  brain were  so simple that we 
  could understand it,  we would be so simple
  we couldn't.
 ---------------------------------------------
 

Mime
View raw message