Re: Freeside installation problem
On Wed, 25 Mar 1998, News Subsystem wrote:
> On Thu, 26 Mar 1998, Ivan Kohler wrote:
>
> > You may also want to take a look at the suExec feature of Apache, which
> > appears to provide similar functionality - it executes scripts as the
> > owner of the script (thus the setuid bit would not be needed). I haven't
> > tried this myself.
> >
> I believe that it is necessary to have apache running as root in order to
> use the suExec feature. This is a major security problem, much worse
> than setting the suid bit on a user's files.
The documentation (specifically suexec.html from the manual) seems to
indicate that the suexec wrapper itself is setuid root, but that apache
does not run as root. I would guess that given Apache's popularity (and
wide distribution of source code :) ), a correctly installed suexec should
be fairly safe.
--
Ivan Kohler <ivan@sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/
"I want to go on a mountain-top / with a radio and good batteries
play a joyous tune / and free the whole human race from suffering" -Bjork