DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28116>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28116 public_html (user redirect) is broken across cgi files [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2004-04-04 22:11 ------- I should have left well-enough alone. But no, I had to go and re-install, so I could see what suexec's flags were. This is what Redhat is/was shipping as the default compile flags: ./suexec -V -D AP_DOC_ROOT="/var/www" -D AP_GID_MIN=500 -D AP_HTTPD_USER="apache" -D AP_LOG_EXEC="/var/log/httpd/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=500 -D AP_USERDIR_SUFFIX="public_html" Which, according to your documentation at: http://httpd.apache.org/docs-2.0/suexec.html especially the part that says: If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. and take that and make that part of the faq. Also, point out (somewhere?) that the remapping (aliasing it out of the ~name expansion) means that suexec doesn't take any consideration as to the running of the scripts, as far as I can tell. This, in and of itself, might be a bug, but I leave that for some of you security heads. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
