On 11/9/05, John Goggan <jgoggan@xxxxxxx> wrote:
> However, suexec still checks that the file is owned by the user trying to run
> it, correct? Therefore, is doing a document root of /home (or even / and
> ignoring the doc root check for that matter) that insecure/dangerous if it
> only allows people to run things that they already own?

If the only things under /home are files normally seen from the web,
then it isn't a big deal. But if there are other executables under
there, then you open up a significant danger if anyone ever compromises
the userid under which you run apache. It doesn't instantly make your
system vulnerable -- it just removes one layer of protection.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
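An audit sketch for the point made in the reply above, added here as an example and not part of the original message or of suexec itself: it lists the "other executables" under a proposed document root that would still pass a simplified version of suexec's documented file-level checks. The function names, the public_html web directory name and the sample tree are assumptions made for illustration.

```python
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

def suexec_candidates(docroot, web_dirs=("public_html",), min_uid=100):
    """Executables outside the web dirs that only the docroot check was blocking.

    Simplified from suexec's documented model: regular file, owner uid at or
    above the minimum, owner-executable, not setuid/setgid, and neither the
    file nor its directory writable by group or other.
    """
    found = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        # Content meant to be served from the web is not the concern here.
        dirnames[:] = [d for d in dirnames if d not in web_dirs]
        if os.lstat(dirpath).st_mode & WRITABLE_BY_OTHERS:
            continue  # directory writable by others: refused anyway
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or st.st_uid < min_uid:
                continue
            if not st.st_mode & stat.S_IXUSR:
                continue
            if st.st_mode & (WRITABLE_BY_OTHERS | stat.S_ISUID | stat.S_ISGID):
                continue
            found.append(path)
    return sorted(found)

def build_sample_tree(root):
    """Constructed sample layout: (relative path, file mode, directory mode)."""
    layout = [
        ("alice/public_html/index.cgi", 0o755, 0o755),  # normal web content
        ("alice/bin/backup.sh", 0o755, 0o755),          # exposed by a /home docroot
        ("alice/bin/notes.txt", 0o644, 0o755),          # not executable
        ("alice/bin/shared.sh", 0o775, 0o755),          # group-writable file
        ("alice/drop/tool.sh", 0o755, 0o777),           # world-writable directory
    ]
    for rel, fmode, dmode in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, fmode)
        os.chmod(os.path.dirname(path), dmode)

if __name__ == "__main__":
    for hit in suexec_candidates("/home"):
        print(hit)
```

Each path it prints is a file that ownership and permission checks alone would allow, so the document root restriction is the layer keeping it from being run through the web server.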