Before blindly screaming "It's broken!", think about *why* you need
suexec first. If you aren't going to use it, then don't bother enabling
it. I run configurations with a heavily modified (for values, not for
additional defines or typedefs) apache_[ver]/src/include/httpd.h. These
typically have SUEXEC_BIN linked to /dev/null as well as SHELL_PATH.
The reasoning is pretty obvious; if I'm not going to use it, why should
I leave even a remotely possible attack point in the server if I lose my
mind and do Something Stupid [tm]?

Apache allows for large amounts of tweaking. There are some things
which are prudent to disable if you're not going to use them. (where
"disable" means: "no, you *can't* change this behaviour without
rebuilding the executable"). The bulk of the folks out there will *not*
get suexec calls right, which, more often than not, will put a nice, big
security hole in the box. I don't point SHELL_PATH to anything but
/dev/null since I don't use anything but mod_perl environments. YMMV.

Be alert, the world needs more lerts.
--dsp

"Robert L. Yelvington" wrote:
>
> regarding 'suexec'..
>
> you must have misconfigured suEXEC when you compiled...where is your
> suexec log file .AND. what does it say .OR. what other useful suexec log
> information can you forward to the list?
>
> your configure flags would also be helpful...
>
> thanx,
> rob
>
> John Markunas wrote:
> >
> > Hi
> > I do a httpd -l and get
> > compiled in modules
> > http_core.c
> > mod_so.c
> > suexec: disabled;invalid wrapper /usr/sbin/suexec
> >
> > Can someone tell me why I get the suexec error and what to do to
> > fix it?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
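
An added example, not part of the original thread or of Apache's own code: a small audit that reports whether a suexec wrapper path could be activated, for hosts that follow the "disable it if you don't use it" approach above. It assumes Apache 1.3 enables suexec only when the compiled-in SUEXEC_BIN target exists, is setuid and is owned by uid 0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a suexec wrapper path.
# Assumption: Apache 1.3 stat()s the compiled-in SUEXEC_BIN at startup and
# enables suexec only if the target is setuid AND owned by uid 0; anything
# else is reported by "httpd -l" as "disabled; invalid wrapper".

suexec_wrapper_state() {
    wrapper=$1
    # The existence test follows symlinks, as stat() does, so a link to
    # /dev/null is judged as /dev/null itself.
    if [ ! -e "$wrapper" ]; then
        echo "absent"
        return 0
    fi
    # -L: follow symlinks; -n: numeric ids; field 3 is the owner uid.
    owner=$(ls -ldnL "$wrapper" | awk '{print $3}')
    if [ -u "$wrapper" ] && [ "$owner" = "0" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Policy check for servers that do not use suexec: succeeds only when the
# wrapper cannot be activated.
suexec_is_off() {
    [ "$(suexec_wrapper_state "$1")" != "enabled" ]
}

# /usr/sbin/suexec is the path shown in the httpd -l output quoted above;
# pass a different path as the first argument to check another build.
for p in "${1:-/usr/sbin/suexec}" /dev/null; do
    printf '%s: %s\n' "$p" "$(suexec_wrapper_state "$p")"
done
```

A result of "enabled" on a server that never runs CGI under other user IDs means a setuid-root binary is present with no reason to be there.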