On 9/19/05, Oscar Haeger <[EMAIL PROTECTED]> wrote: > What I'd like to know is if SuExec somehow prevents me from running scripts > via > symlinks. > I have a webserver with SuExec installed and I'd like to be able to run > scripts > that resides in other peoples cgi-bin directories. I've tested this but > haven't > been able to get it to work.
Well, yeah. Allowing anything symlinked to get executed by suexec would violate the basic security model. I agree that neither the error message nor the docs are very explicit about this, but I think the assumption is that security-minded people will know that a program like suexec must forbid symlinks to do its job. If you know a little c, then reading the suexec.c source code makes things clear: /* * Error out if we cannot stat the program. */ if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) { log_err("cannot stat program: (%s)\n", cmd); exit(117); } Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]