On 2016-03-30 16:35, Jacob Champion wrote:
Sorry, but that is not a good approach. You must assume that a local
attacker calls suexec directly and passes arguments of his liking.
That is the attack vector that suexec's rather annoying restrictions
try to avoid.
Checking my own understanding...
On 2016-03-30 14:49, Stefan Fritsch wrote:
On Saturday 19 March 2016 11:09:40, montt...@heavyspace.ca wrote:
Since it's been a while since this issue was mentioned, this patch
allows Apache to suexec files by a different (but still restricted
by UID) owner, to avoid the security issue where
On Fri, Apr 1, 2016 at 11:49 AM, Yann Ylavic wrote:
> On Fri, Apr 1, 2016 at 6:36 PM, Luca Toscano
> wrote:
> >
> > +1, let's concentrate on 2.4 :)
>
> You know, there are still many 2.2 around, and some people may have
> backported 2.4 fixes to 2.2
2016-04-01 16:32 GMT+02:00 Eric Covener :
> On Fri, Apr 1, 2016 at 10:05 AM, Luca Toscano
> wrote:
> > Yep I thought what was best too and decided to commit on trunk to gather
> > some feedback. The Bug is low severity but as stated in users@ the
> >
On Fri, Apr 1, 2016 at 10:05 AM, Luca Toscano wrote:
> Yep I thought what was best too and decided to commit on trunk to gather
> some feedback. The Bug is low severity but as stated in users@ the
> documentation says X and httpd does the opposite, getting people confused.
Hi Eric and Rüdiger,
2016-04-01 15:59 GMT+02:00 Rüdiger Plüm :
>
>
> On 04/01/2016 03:48 PM, Eric Covener wrote:
> > I am -0.9 on this info in the manual, for a relatively low severity bug.
>
> +1. We don't do this kind of stuff in the documentation. This is what
> CHANGES and
On 04/01/2016 03:48 PM, Eric Covener wrote:
> I am -0.9 on this info in the manual, for a relatively low severity bug.
+1. We don't do this kind of stuff in the documentation. This is what CHANGES
and Bugzilla are for.
Regards
Rüdiger
>
> On Fri, Apr 1, 2016 at 9:31 AM,
I am -0.9 on this info in the manual, for a relatively low severity bug.
On Fri, Apr 1, 2016 at 9:31 AM, wrote:
> Author: elukey
> Date: Fri Apr 1 13:31:28 2016
> New Revision: 1737382
>
> URL: http://svn.apache.org/viewvc?rev=1737382&view=rev
> Log:
> Added warning for