On Fri, 2003-05-30 at 13:36, Jeremy Portzer wrote: > Hello, > > I like to use Apache's su_exec feature to allow folks CGI access with as > much security as possible. (Yes, CGI access at all is a security > problem of some degree, I understand that.) However, su_exec always > fails when the CGI directory has group write permissions. Changing the > permissions to 755 for the directories and CGI files fixes this, but I > need the permissions to be 775. > > Is there any way to configure su_exec to allow group write permissions? > --Jeremy
Jeremy,
It has been a while since I've coded in C, but I'd hazard a guess that
around line 552 of support/suexec.c in the 2.0.46 distribution is what
you're looking for. I don't exactly see anything to pass to "configure"
though.
/*
* Error out if cwd is writable by others.
*/
if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
log_err("directory is writable by others: (%s)\n", cwd);
exit(116);
}
Michael
signature.asc
Description: This is a digitally signed message part
