>> Could you please tell what security implications do you mean? And >> what's the difference between original suexec's security and the one I >> suggested? > I can't say that I'm a real expert here either, but one important > issue is that you would need to remove an suexec security check: > suexec runs files only under the userid of their owner. Removing > this check wouldn't automatically lead to a problem -- you'd still > need to compromise the httpd user -- buy it gets you one step closer. I don't see problems here if suexec will extend this restriction to any non-root user (or any non-special user, like bin, etc). If you see them, please, tell me. As far as I understand, this improvemnt will not affect suexec's simplicity and security. -- Best regards, Alexander --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|