On Wed, 24 Oct 2001, Stefanos Harhalakis wrote: > Suppose we have mingid==100 and a user with gid==0 which belongs to groups > 123,234,345. Suexec will no execute and script for this user. > > Now suppose we have the same user with gid==123 which belongs to groups0 > ,234,345. Suexec will execute any cgi without problem. The running cgi will > be a member of all those groups. suexec does not check supplementary groups. It could do it but I do not think it is a serious problem--the motivation behind the checks is to avoid accidental invocation of CGI programs running under root or other special accounts. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
