DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26975>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26975 suEXEC no UID checking Summary: suEXEC no UID checking Product: Apache httpd-2.0 Version: 2.0.48 Platform: Other URL: http://www.isp-data.org/patches/apache-2.0.48- suexec_no_uid_resolving.patch OS/Version: Other Status: NEW Severity: Enhancement Priority: Other Component: mod_suexec AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When you're running Apache in a Cluster-environment, it is very likely that you don't have to have 'real UIDs' on your system (files are owned by UID 1234, but it isn't in the passwd-file for example). But when you're using suEXEC, this isn't possible 'out-of-the-box', cause it does a getpwuid() call. This patch will eliminate this problem. Yes, it makes suEXEC one tiny little bit less secure you could say. But it will boost up performance if you normally would have to do query's on a MySQL-database for example (nss_mysql). I hope this patch can be included in some form in the official Apache distribution either by enabling it via a Compile option, or a run-time variable. Please let me know :) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
