Re: PHP using suexec
On Wed, 12 Feb 2003 12:31, Fraser Campbell wrote:
> Experimental High speed perchild threaded model for Apache2
> Perchild is the grown up, mac daddy version of suexec for apache2.
> Rather than execute a cgi script as a given user, perchild forks a
> process for each vhost, then su's to the correct user/group for that
> vhost.
>
> Each process then uses a thread model similar to that of the worker
> mpm.
>
> THIS MPM IS NOT CURRENTLY EXPECTED TO WORK CORRECTLY, IF AT ALL. IT
> IS UNDER VERY HEAVY DEVELOPMENT.
> This mpm is still highly experimental, and should be used with care.
Does this do:
fork(); setgid(); setuid();
Or does it do:
fork(); setgid(); setuid(); execve("/usr/sbin/apache-mpm", ...);
It would be much more conveniant for me if it does the latter, then I could
easily patch the code to do secure_execve() to run the vhost in a different
SE Linux security context.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: