> Yes, the patch is here
> http://mega.ist.utl.pt/~miguel/code/suexec+php.diff
>
> but just looking through the several errors in the comments and the general
> hackish attitude in the code, I wouldn't recommend using it on production
> servers without further auditing.

you are right, it is a hack. and he probably wasn't too careful with comments, but as you also noticed it is as trivial as it gets.

> Is this patch submitted to the Apache team?

not that I know of.

> It looks simple enough, but as it is in a vital security area (suexec) it
> may bring big surprises later.

that's the right attitude. all I can say is that it has been used for about 16 months in a Solaris 7 server with about 8000 users with mod_userdir for hosting personal homepages.

Cheers,
--
Pedro João Lopes Venda
email: pjvenda at pjvenda org
http://www.pjvenda.org
