Romain Francoise [EMAIL PROTECTED] said:
Then you'll have to recompile suEXEC to suit your needs, Debian cannot
support _every_ possible configuration and the default probably is the
most reasonable one since most people will have CGIs in the docroot.
Wait... what?
Sure, Debian can't support *every* configuration, but what's wrong with
supporting the default configuration that Debian ships with? (CGI
scripts - like php-cgi - in /usr/lib/cgi-bin)
Further, the situation where users have their files in the home
directories is pretty common. I'd go so far as to say that any other
layout is a contortion to work around this bug.
I can't come up with a single good reason for the suexec docroot to be
hard-coded to '/var/www' in Debian over a config file, or even hard coding
it to '/'. There's no obvious security advantage, in fact it forces people
to tamper with suexec themselves - which potentially introduces security
problems. At very least, not being able to blindly install security updates
to 'apache-common' is a problem.
This bug has been submitted something like 5 times. Having CGI scripts run
as their owner is an important bit of functionality that should just work,
but instead the user is forced to mess around with recompiling a basic
package to get this functionality. Why not fix this?
Am I missing something? Is this just an issue with not wanting to diverge
from upstream? What's the story here?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
