Freeside installation problem
Ivan Kohler
ivan at sisd.com
Wed Mar 25 23:49:47 PST 1998
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 25 Mar 1998, News Subsystem wrote:
> On Thu, 26 Mar 1998, Ivan Kohler wrote:
>
> > You may also want to take a look at the suExec feature of Apache, which
> > appears to provide similar functionality - it executes scripts as the
> > owner of the script (thus the setuid bit would not be needed). I haven't
> > tried this myself.
> >
> I believe that it is necessary to have apache running as root in order to
> use the suExec feature. This is a major security problem, much worse
> that setting the suid bit on a users files.
The documentation (specificly suexec.html from the manual) seems to
indicate that the suexec wrapper itself is setuid root, but that apache
does not run as root. I would guess that given Apache's popularity (and
wide distribution of source code :) ), a correctly installed suexec should
be fairly safe.
- --
Ivan Kohler <ivan at sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/
"I want to go on a mountain-top / with a radio and good batteries
play a joyous tune / and free the whole human race from suffering" -Bjork
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNRoImr7OPBeQJv09AQGE/wP9FRrIdUeGi+aFRLoTi1V0GLt0QUpuYa0K
xoIxnv5V6KSnMcDkte+noB+2sDQiXd050yRlyYX3Bm9eHgkTra7dLwoPRC+tn3BR
06Ly0mvLDJIsacd7fkuevSnzo4LBH0IAuupW3WGeyho7vtiymdaCpNI5W8i7EII5
VNw46eWwyIQ=
=JAPh
-----END PGP SIGNATURE-----
More information about the freeside-users
mailing list