At 03:53 PM 6/24/2016 +0200, Ben RUBSON wrote:
On 2016-06-08 at 14:24, Nick Kew wrote :
> On Wed, 2016-06-08 at 08:01 -0400, Eric Covener wrote:
>> On Sat, Apr 16, 2016 at 6:00 PM, Ben RUBSON <ben.rub...@gmail.com> wrote:
>>> Then my question is, could it be possible ?
>>
>> You would need your own daemon launched during an early hook (like
>> post_config).  You wouldn't be able to respond [directly] to requests,
>> you'd need to reach out over something like a pipe the way rewritemap
>> does.
>>
> A hacked suexec would be a per-request option.  Or using
> solaris and mod_privileges might just possibly help with
> more fine-grained escalation.

Nick, thank you very much for your answer, and sorry for my late reply.

I red suexec source code, it gave me some ideas :
I could write my own setuid-ed program which would :
- setuid(<user_id>)
- only perform the needed tasks under <user>
- exit
This program could be then called from any other custom module etc...

Maybe esoteric, possibly off-topic for this precise thread, but would mod-itk be potentially useful? I looked into it a few years back, it *seemed* to do what was promised, but also carried a fairly major cpu-cycle overhead. I didn't have time to try and refine implementation and never put it into production...

Best -- Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to