You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Paul DeMarco <pd...@pauldemarco.com> on 2004/03/14 21:35:41 UTC

[users@httpd] SuEXEC question

Why does suexec not launch the users shell after changing effective user and
group ids to that user?  I ask because I have all users jailed, but when the
web-server launches a CGI it is under the users account, but not jailed.

 

I realize suexec would need a common way of passing the CGI path and name
into the shell, and each is a little different.  Related, but different, why
not chroot to the users home directory?  

 

Are there security or implementation issues related to either of these?
patches that accomplish either?  Thank you.

 

--Paul DeMarco