Re: PHP using suexec

[Russell Coker <russell@coker.com.au>]

On Wed, 12 Feb 2003 12:31, Fraser Campbell wrote:
>    Experimental High speed perchild threaded model for Apache2
>    Perchild is the grown up, mac daddy version of suexec for apache2.
>    Rather than execute a cgi script as a given user, perchild forks a
>    process for each vhost, then su's to the correct user/group for that
>    vhost.
>
>    Each process then uses a thread model similar to that of the worker
>    mpm.
>
>    THIS MPM IS NOT CURRENTLY EXPECTED TO WORK CORRECTLY, IF AT ALL. IT
>    IS UNDER VERY HEAVY DEVELOPMENT.
>    This mpm is still highly experimental, and should be used with care.

Does this do:
fork(); setgid(); setuid();

Or does it do:
fork(); setgid(); setuid(); execve("/usr/sbin/apache-mpm", ...);

It would be much more conveniant for me if it does the latter, then I could 
easily patch the code to do secure_execve() to run the vhost in a different 
SE Linux security context.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page