Hi, Is there a way I can stop apache from accessing any file on system that is world readable, like etc/passwd and so on. suexec works to the point that the cgi called must be inside the doc-root (or at least seems to), but if I call an open on say var log daemon.log or etc passwd, it opens and prints out its contents. my suexec build options are: --enable-suexec --with-suexec-docroot=/srv/vhosts/www --with-suexec-caller=apache --with-suexec-logfile=/var/log/apache/suexec_log with about 2000 hosts per box, running in jails I dont think can be an option. Is there not a sort of open base dir lockdown option like php has? Thanks --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|