Apache/suexec (was Re: Debian Apache Packaging - Option 4!)

To: Daniel Stone <dstone@trinity.unimelb.edu.au>
Cc: Robert Woodcock <rcw@debian.org>, "Robert C." <robertc@rogers.com>, debian-security@lists.debian.org, editors@debianplanet.org
Subject: Apache/suexec (was Re: Debian Apache Packaging - Option 4!)
From: Justin Ryan <justin@gnubian.org>
Date: 16 Nov 2002 17:40:43 -0600
Message-id: <[🔎] 1037490045.25522.2.camel@qutang>
In-reply-to: <[🔎] 20021116220328.GB20526@trinity.unimelb.edu.au>
References: <3DD6B7C2.2030008@rogers.com> <20021116220123.GA340@frantica.lly.org> <[🔎] 20021116220328.GB20526@trinity.unimelb.edu.au>

> Not really, it's a security file: you can't change your area without
> recompiling. I can see the use for this: h4x0rs can't just change a
> config file and have a completely different suexec area, of their own
> choosing.

Of course, if they can get write access to said config file they
probably don't _need_ a special suexec area.  They also probably have
write access to the suexec binary, and could simply modify it directly
(this is what I did - no recompile - to get suexec working for my
sites).

Cheers,

-Jus

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Re: Debian Apache Packaging - Option 4!
  - From: Daniel Stone <dstone@trinity.unimelb.edu.au>

Prev by Date: Re: [OT] please do not ...
Next by Date: unsubscribe
Previous by thread: Re: Debian Apache Packaging - Option 4!
Next by thread: unsubscribe
Index(es):
- Date
- Thread