On Wed, Aug 11, 2010 at 18:24, David Ricar <r...@ethernet.cz> wrote: > Phil Howard wrote: >> >> For maintenance, it might be easier for you to make an suexec wrapper. >> Run your wrapper to do custom checks and if it decides to go on, it >> runs suexec. That way your maintenance is for your program, only, and >> you have to track a lot fewer changes to Apache code (basically just >> the suexec environment being passed along). > > Sorry, but I need clarification - is there a way to say to suexec to do > what it is forced to? So I could bypass the policy checks by something > on my own? > Thanks
By suexec wrapper, I mean a program you write which will be placed where Apache expects to find suexec. The real suexec will be moved to somewhere else (maybe "real-suexec" in the same directory). Your program will know where it is (and probably hard code that). Your program gets control instead of suexec. Your program can examine its environment and decide either to not run suexec, or to run suexec (and how to, perhaps fabricating a new environment for it), or to do something else, instead (maybe bypass suexec and run programs itself). If you want to bypass some check that suexec normally does, you can, as one approach, modify the environment to fake the situation such that the check done by suexec does not have any effect. I have not programmed around suexec any, recently, so I have forgotten the details of how it is run or configured. I would read the documentation and maybe even the source code to rediscover that (and also review past suexec driven CGI programs I still have around from when I did that). I do not recall, right now, just what checks suexec does. -- sHiFt HaPpEnS! --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
