DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28116>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28116 FAQ: how to turn off suexec in third-party distros [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Component|mod_userdir |Documentation Summary|public_html (user redirect) |FAQ: how to turn off suexec |is broken across cgi files |in third-party distros ------- Additional Comments From [EMAIL PROTECTED] 2004-04-05 15:28 ------- If you read "disdain" in my comments, then I apologize. It was certainly not intended. What I meant to express was confusion. Several of your comments still have me confused. The suggestion of documenting how to turn off suexec in the FAQ is not a bad one. We should consider that. As far as your number 2), if you look at http://httpd.apache.org/docs-2.0/suexec.html#usage you'll see that suexec is only called if mod_userdir is involved in the request (or for certain virtual hosts). If you use an Alias to map "~", then you circumvent mod_userdir and hence suexec plays no part at all. Although this may indeed have security implications in some circumstances, it would not make sense to deny the request, because there are valid reasons for using an Alias in this way. This is one of many reasons why suexec should only be used very carefully. As far as your other littany of problems, I again suggest that you discuss them on [email protected] or, if you wish to help improve the documentation, [EMAIL PROTECTED] Finally, to repeat what I have already said, the real bug here, and the reason you had to spend so much time on this, is that Redhat is distributing poorly configured software. They should not be enabling suexec by default. There is nothing we can do about that. I encourage you to file a bug report with Redhat. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
