I'm currently involved in building a new webserver environment to
replace a 6-year-old server running a large website with a fairly broken
publishing model.

One of the things we'd like to do is lock down PHP so that we're no
longer using mod_php running all as one user, and this means using
CGI mode under suexec. The kicker is that we can't use a separate vhost
for each department/publishing group for various political reasons.

Naturally, the suexec documentation says "do not edit this on pain of
death", etc., but we don't seem to have any choice if we want to support
suexec configuration local to the <directory> stanza. I can understand
why only virtualhosts were supported under 1.3, as suexec seems to be a
massive hack that co-opts the User and Group directives, but mod_suexec
under Apache 2.2 seems much cleaner.

What I would like to know is, a) is there a big obvious answer to this
that I'm missing, and b) does the following diff for mod_suexec.c open
up subtle and terrifying security holes that we've managed to overlook?


63c63
<     const char *err = ap_check_cmd_context(cmd, 
NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
---
>     const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
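
Review bot: removing NOT_IN_DIR_LOC_FILE from the ap_check_cmd_context() call at line 63 lifts the restriction for <Location> and <Files> sections as well as <Directory>, which is wider than the <Directory>-only use described in the message. <Location> matches on the request URL rather than the filesystem path, so the uid/gid a script runs under would depend on how it was requested. If only <Directory> is wanted, keep the other two contexts excluded, for example `NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT`.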

118c118
<     AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
---

>     AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, 
> RSRC_CONF|ACCESS_CONF,
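
Review bot: in the AP_INIT_TAKE2 entry at line 118, ACCESS_CONF admits SuexecUserGroup inside <Directory>, <Location> and <Files> sections of the server configuration but not in .htaccess; keep it at `RSRC_CONF|ACCESS_CONF` and add no OR_* override flag, so the uid/gid mapping stays under the server administrator's control. The added line is also wrapped across two lines in the mail (as is the removed line in the first hunk), so it needs rejoining before the patch will apply; a unified diff sent as an attachment would avoid that.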


Many thanks,
Ben 
