On 9/19/05, Oscar Haeger <Oscar.Haeger@xxxxxxxxxxxxx> wrote:
> What I'd like to know is if SuExec somehow prevents me from running scripts via
> symlinks.
> I have a webserver with SuExec installed and I'd like to be able to run scripts
> that resides in other peoples cgi-bin directories. I've tested this but haven't
> been able to get it to work.
Well, yeah. Allowing anything symlinked to get executed by suexec
would violate the basic security model. I agree that neither the
error message nor the docs are very explicit about this, but I think
the assumption is that security-minded people will know that a program
like suexec must forbid symlinks to do its job.
If you know a little c, then reading the suexec.c source code makes
things clear:
/*
* Error out if we cannot stat the program.
*/
if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
log_err("cannot stat program: (%s)\n", cmd);
exit(117);
}
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|