
Re: enabling suexec with debian apache [solved]



> If there is an exploitable cgi, then there is web access to all of the
> owning user's files. If it is not run via the suEXEC mechanism, then the
> permissions are that of www-data, which are close to nothing.

except that suexec effectively chroots the virtual's document root
... so all of the user's mail etc files in their home directory should be
safe.

> If suEXEC is enabled, then a lot more requirements need to be met for
> running a cgi. This usually leads to a lot of users complaining about
> this and that is not working and why, when it runs on another similar
> machine?

the eternal trade-off between security and convenience. it's your choice.

adam.

