[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#270252: suexec could honour apache's DocumentRoot

Package: apache
Version: 1.3.31-4
Severity: wishlist

Looks that currently (unless suexec is recompiled) it's impossible to
make a virtual host that will run cgi scripts under user configured by
User= directive, if script are located under virtual hosts's
DocumentRoot that is outside of /var/www, e.g. in vhost maintainer's
home directory under /home.

This is caused by "docroot" compiled in suexec binary.

It would be good if suexec will follow DocumentRoot setting in apache
configuration instead. To do so without making suexec less secure,
probably current virtual host should be passed to suexec in additional
command line argument, and appropriate docroot parsed from apache
configuration by suexec itself.

-- System Information:
Debian Release: 3.0
  APT prefers testing
  APT policy: (620, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-k7-smp
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R

Versions of packages apache depends on:
ii  apache-common               1.3.31-4     Support files for all Apache webse
ii  debconf                Debian configuration management sy
ii  dpkg                        1.10.23      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-13 GNU C Library: Shared libraries an
ii  libdb4.2                    4.2.52-17    Berkeley v4.2 Database Libraries [
ii  libexpat1                   1.95.6-8     XML parsing C library - runtime li
ii  libmagic1                   4.09-1       File type determination library us
ii  logrotate                   3.7-2        Log rotation utility
ii  mime-support                3.28-1       MIME files 'mime.types' & 'mailcap
ii  perl                        5.8.4-2      Larry Wall's Practical Extraction 

-- debconf information excluded

Reply to: