[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#499191: apache2-suexec-custom: Allow execution of programs owned by root

Package: apache2-suexec-custom
Severity: wishlist

I'm using apache2 together with fastcgi, suexec and php. To configure php I'm using a wrapper script to set PHPRC, which then exec's php itself.

I don't want users to set their own PHPRC, so they could modify the php.ini for their site. This means users shouldn't be able 
to write to the wrapper script. The problem is that suexec requires the wrapper script to be owned by the user it should be executed as, which means 
the user could modify this script.

The same problem occurs when you want to provide some cgi scripts for your users in a central location. Suexec requires them to be owned by the user 
it should be executed as. Usually these shared cgi scripts are owned by root, or another account which is 'trusted'.

So the actual item for the wishlist is to be able to specify a user (or more than one) that are considered trusted. Suexec will then allow files 
owned by either the target user, or by a trusted user, to be executed.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/bash

Reply to: