The following reply was made to PR suexec/1469; it has been noted by GNATS.
From: Greg Colyer <[EMAIL PROTECTED]> To: Greg Colyer <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: suexec/1469: suexec allows intermediate directories with unsafe permissions Date: Mon, 24 Nov 1997 12:04:38 +0000 (GMT) Correction to the above: a user who is not the HTTPD_USER (httpd in the example) is prevented from running suexec anyway, even if it is executable for them. So the point about file permissions is not important. The real aim is to hinder any hacker who breaks through Apache, in which case they will (or may) be the HTTPD_USER. For this purpose the VirtualHost _default_ and '/' comments still apply.
