You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/01/06 22:17:59 UTC

Re: Possible suEXEC userdir fix...

This is what I intended to do Jason. If you have time to pull a
patch together, great.


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I have another possible solution to the userdir "problem" with suEXEC.
> 
> I am of the opinion that locking userdir requests to ~/<userdir>/cgi-bin/
> is unecessary and would even further break SSIs.
> 
> Instead of limiting to the single directory, how about having a USERDIR
> DEFINE that would contain the web directory name for userdirs.  That was,
> we can search for (HOMEDIR "/" USERDIR "/") in the current working 
> directory.  Seems to me it would limit requests to a user's webspace.
> 
> I can have a patch ready sometime tonight or early tomorrow.  Would this
> appease people enough so we can move forward on 1.2?
> 
> Jason
> # Jason A. Dour <ja...@bcc.louisville.edu>                            1101
> # Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
> # Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMtFpApo1JaC71RLxAQHPcAP6Axf9li1T41DZPy//0lScSvb1FBMnI99E
> BkJEfjZ1CDmX6EBSEpT2xBFNUfvurn3W+qAu5vJkKnw5OXgRAqkHRymQK+pN/mu8
> UtOS86oF7SvJhq4C0xgDLPuQ+vFXehB6md+5/RUaPdWK4qhbPv59JMMfaFI+cS3z
> aJR5FBr4TSQ=
> =lpia
> -----END PGP SIGNATURE-----