Received: (qmail 15579 invoked by uid 2012); 3 Mar 1999 13:42:55 -0000 Message-Id: <19990303134255.15577.qmail@hyperreal.org> Date: 3 Mar 1999 13:42:55 -0000 From: Julien PLISSONNEAU DUQUENE Reply-To: jplissd@atlantic-line.fr To: apbugs@hyperreal.org Subject: vhosts & scriptaliases X-Send-Pr-Version: 3.2 >Number: 3989 >Category: suexec >Synopsis: vhosts & scriptaliases >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: change-request >Submitter-Id: apache >Arrival-Date: Wed Mar 3 05:50:02 PST 1999 >Closed-Date: Fri Jan 07 14:57:37 PST 2000 >Last-Modified: Sat Jan 8 11:10:00 PST 2000 >Originator: jplissd@atlantic-line.fr >Release: 1.3.4 >Organization: >Environment: Linux >Description: I've got several vhosts on my server, but they are not located under the main server's docroot tree, so they won't initially work with suexec. I only use ScriptAliases - This way I am able to control the use of CGI by a restricted set of users, and they name their cgi as they want. I would like suexec to work with ScriptAliased directories. [workaround - I disabled the htdocs path checking of suexec, that's still safe enough for my site] >How-To-Repeat: Have ScriptAlias directories outside htdocs. >Fix: Makes suexec more complicated: if script path not in docroot, load an alternate list of trusted ScriptAliased directories from a safe file. As most sites does not need this, provide it as a makefile option. Provide an utility to compile such a list from httpd.conf and eventually accessible .htaccess files. >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Fri Jan 7 14:57:37 PST 2000 State-Changed-Why: The current design of suexec requires that all suexeced scripts reside under the path defined at compile-time. That may mean that you need to define that as "/", but that's the way it works. Any and all options must be set at compile-time, not run-time. From: Julien PLISSONNEAU DUQUENE To: coar@apache.org Cc: apache-bugdb@apache.org, apbugs@apache.org Subject: Re: suexec/3989: vhosts & scriptaliases Date: Sat, 8 Jan 2000 20:05:50 +0100 (CET) On 7 Jan 2000 coar@apache.org wrote: > Synopsis: vhosts & scriptaliases >=20 > State-Changed-From-To: open-closed > State-Changed-By: coar > State-Changed-When: Fri Jan 7 14:57:37 PST 2000 > State-Changed-Why: >=20 > The current design of suexec requires that all suexeced > scripts reside under the path defined at compile-time. >=20 > That may mean that you need to define that as "/", > but that's the way it works. "It's not a bug it's a feature", so ? :) How should I report a suexec _design_ bug ? > Any and all options must > be set at compile-time, not run-time. This is not really convenient when using pre-compiled binaries. For example everytime I upgrade my system my own version of suexec gets overwritten ... and having to set the path as "/" means that this is a sometimes useless security check. I think that using a pre-parsed run-time config file won't hurt the performance too much and will really ease suexec's configuration ... and it's as safe as suexec alone. --=20 Julien Plissonneau Duqu=E8ne - ISTM ICN 2002 http://www.istm.fr/ >Unformatted: >Quarter: >Keywords: >Date-Required: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]