> On 24 Jun 2016, at 16:24, Stormy <stormy22@xxxxxxxxx> wrote: > > At 03:53 PM 6/24/2016 +0200, Ben RUBSON wrote: >> On 2016-06-08 at 14:24, Nick Kew wrote : >> > On Wed, 2016-06-08 at 08:01 -0400, Eric Covener wrote: >> >> On Sat, Apr 16, 2016 at 6:00 PM, Ben RUBSON <ben.rubson@xxxxxxxxx> wrote: >> >>> Then my question is, could it be possible ? >> >> >> >> You would need your own daemon launched during an early hook (like >> >> post_config). You wouldn't be able to respond [directly] to requests, >> >> you'd need to reach out over something like a pipe the way rewritemap >> >> does. >> >> >> > A hacked suexec would be a per-request option. Or using >> > solaris and mod_privileges might just possibly help with >> > more fine-grained escalation. >> >> Nick, thank you very much for your answer, and sorry for my late reply. >> >> I red suexec source code, it gave me some ideas : >> I could write my own setuid-ed program which would : >> - setuid(<user_id>) >> - only perform the needed tasks under <user> >> - exit >> This program could be then called from any other custom module etc... > > Maybe esoteric, possibly off-topic for this precise thread, but would mod-itk be potentially useful? I looked into it a few years back, it *seemed* to do what was promised, but also carried a fairly major cpu-cycle overhead. I didn't have time to try and refine implementation and never put it into production... Thank you for your suggestion Paul ! I used to use mpm-itk, but I reverted back to built-in MPMs as I'm not really confident having the main server (the very first one receiving requests) running as root. Best regards, Ben --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|