[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#614813: ITP: suexec-conf -- Fully configurable apache suexec binary

Package: wnpp
Severity: wishlist
Owner: Alexander Gerasiov <gq@debian.org>

* Package name    : suexec-conf
  Version         : 0.0.1
  Upstream Author : Alexander Gerasiov <gq@cs.msu.su>
* URL             : https://github.com/gerasiov/suexec-conf
* License         : Apache
  Programming Lang: C
  Description     : Fully configurable apache suexec binary

Original suexec do some strict checks on start up to provide some security.
This checks are really good, but unfortunately the only way you can configure
it - recompile from sources.

Another problem of original suexec is that is requires that running script
should be owned by the same user suexec setuids to. But there are situation,
when you want different users be able to run shared script (owned by root for
security), or you may want to setup wrapper for some file's types (e.g.
/usr/bin/php-cgi for .php) which is common for all users. In such cases
original suexec will not work, but suexec-conf will do.

suexec-conf is the configurable version of classical suexec from apache.

For now it allows you to configure everything, you could configure for
classic suexec on compile time. And it also support always_allow option where
you could list scripts/command which should be owned by root, but not the user
suexec setuids to.

Reply to: