You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1997/01/21 22:12:39 UTC

util.c change if suexec_enabled set? (fwd)

---------- Forwarded message ----------
Date: Tue, 21 Jan 1997 11:58:18 -0800 (PST)
From: Ian Reddy <ia...@sfu.ca>
To: apache-bugs@apache.org
Subject: util.c change if suexec_enabled set?

I'm not completely sure about this but it seems to me that if suexec
is in use then a user's CGI scripts need not be group/world accessable
in any way, possibly increasing security (through obscurity).

If so then the following diff would apply to util.c:

% diff -C3 util.c*
*** util.c      Sat Jan 18 23:12:01 1997
--- util.c.orig Sat Jan 18 23:11:25 1997
***************
*** 941,947 ****
  #ifdef MULTIPLE_GROUPS
    int cnt;
  #endif
-     if(suexec_enabled) return 1;
  #ifdef __EMX__
      /* OS/2 dosen't have Users and Groups */
      return 1;
--- 941,946 ----



-- 
  Ian Reddy, Senior Systems Consultant  E-mail:    Ian_Reddy@sfu.ca
  Academic Computing Services, AD1021              ian@sfu.ca
  Simon Fraser University               Telephone: (604) 291-3936
  Burnaby, B.C. Canada V5A 1S6          Fax:       (604) 291-4242