
Request for review of apache suexec changes



Hi,

due to various bug reports, I have created a custom version of the 
suid root suexec cgi wrapper for apache. This version reads some 
settings from a config file instead of having all settings compiled 
in. Before I upload this to Debian, I would like someone else to 
review the changes I made.

[1] contains these files:

suexec.c.upstream:
the source as it comes from upstream. This has been audited at [2].

suexec.c:
the source I intend to use for the 'standard' suexec. This fixes some 
issues pointed out at [2] (CVE-2007-1742, etc.) and one bug related 
to logging. The latter fix is already in the current Debian package.

suexec-custom.c:
the source I intend to use for the 'custom' suexec.

suexec.8:
the man page for suexec-custom.c


Comments are welcome. Thanks in advance.


Cheers,
Stefan

[1] http://people.debian.org/~sf/suexec/ 
[2] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
