You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Paul DeMarco <pd...@pauldemarco.com> on 2004/03/14 21:35:41 UTC
[users@httpd] SuEXEC question
Why does suexec not launch the users shell after changing effective user and
group ids to that user? I ask because I have all users jailed, but when the
web-server launches a CGI it is under the users account, but not jailed.
I realize suexec would need a common way of passing the CGI path and name
into the shell, and each is a little different. Related, but different, why
not chroot to the users home directory?
Are there security or implementation issues related to either of these?
patches that accomplish either? Thank you.
--Paul DeMarco