On Monday, Jun 16, 2003, at 03:11 US/Pacific, Eugene Geldenhuys wrote: [..]
Thanks for the advice[..]
I have looked at the items you mentioned - details in body of reply
will someone remind the drieux to have coffee, I think the problem could well be the imfamous problem of binding processes to well named ports, eg ones below 1024, and as such the actual 'binary' code will need to bet setgid - eg: 4555 - so that it can be run initially by a 'root' process that will allow it to bind to the port, setgid(), then setuid() and THEN fork itself into the background.
I normally run Virtual Hosts on ports above 1024 so that I do not run into this problem. Or if I am rigging apache to be a 'stand alone' - then I just define the user/group values to be running as the uid/gid that is required... in that case I totally avoid the whole suexec() problem in most cases, since the httpd daemons are already forked out as the require uid/gid....
ciao drieux
---
More Dumb Things to NOT CODE!
do not setuid() to a non-privilaged user
if you need to call setgid()... even if all
the oldGuys say 'setuid(), setgid()', that's because
they are pushing the values onto a mental stack
for them to pop off later....
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
