The following reply was made to PR suexec/1924; it has been noted by GNATS.
From: Dag Wieers <[EMAIL PROTECTED]>
To: Marc Slemko <[EMAIL PROTECTED]>
Cc: Apache bugs database <[EMAIL PROTECTED]>
Subject: Re: suexec/1924: VirtualHosts don't work with suexec, why not simply...
Date: Mon, 9 Mar 1998 01:26:19 +0100 (CET)
> No, the whole point is that _ANYONE_ else can execute suexec if they can
> get access to the user Apache runs as to bypass that check. It is not
> acceptable for that person to be able to specify their own varilables that
> can alter what suexec does in such a manner. If suexec would listen to
> what they specify, it would be possible to compromise security in many
> cases.
oki, you're right, suexec can be run from the prompt too, i didn't think
of that. i'm sorry, so the only solution to work around the virtual hosts
without recompiling once in a while is to hardcode it into apache ?
thanks for explaining this, maybe it worthwhile to tell this in the
suexec-documentation or in a faq, as it would have saved me (and you) some
time...
thanks,
_ _ _
----------------- |_)(-)(_- -----------------
fn:dag wieers - http://www.sisa.be/dagmenu/
em:[EMAIL PROTECTED] uin:363535
---------------------------------------------
if the human brain were so simple that we
could understand it, we would be so simple
we couldn't.
---------------------------------------------
