Phil Howard wrote:
By suexec wrapper, I mean a program you write which will be placed where Apache expects to find suexec. The real suexec will be moved to somewhere else (maybe "real-suexec" in the same directory). Your program will know where it is (and probably hard code that). Your program gets control instead of suexec. Your program can examine its environment and decide either to not run suexec, or to run suexec (and how to, perhaps fabricating a new environment for it), or to do something else, instead (maybe bypass suexec and run programs itself).
I am no big programmer myself and I would rather not write something as powerfull as full apache suexec replacement.
If you want to bypass some check that suexec normally does, you can, as one approach, modify the environment to fake the situation such that the check done by suexec does not have any effect.
I could not imagine way of fabricating environment for suexec to my needs.
I have not programmed around suexec any, recently, so I have forgotten the details of how it is run or configured. I would read the documentation and maybe even the source code to rediscover that (and also review past suexec driven CGI programs I still have around from when I did that). I do not recall, right now, just what checks suexec does.
I need just one thing: replace others writable tests by is_in_homedir test - suexec does not solve, who could rewrite the code, but where the code is located. My patch is rather naive and dirty proof of concept right now, I will polish it a bit and post here. I just wonder how others solve this as this should be very common problem... David --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|