Linux Archive - Bug#614813: ITP: suexec-conf -- Fully configurable apache suexec binary

Linux Archive (http://www.linux-archive.org/)

- Debian Development (http://www.linux-archive.org/debian-development/)

- - Bug#614813: ITP: suexec-conf -- Fully configurable apache suexec binary (http://www.linux-archive.org/debian-development/493197-bug-614813-itp-suexec-conf-fully-configurable-apache-suexec-binary.html)

Bug#614813: ITP: suexec-conf -- Fully configurable apache suexec binary

Package: wnpp
Severity: wishlist
Owner: Alexander Gerasiov <gq@debian.org>

* Package name : suexec-conf
Version : 0.0.1
Upstream Author : Alexander Gerasiov <gq@cs.msu.su>
* URL : https://github.com/gerasiov/suexec-conf
* License : Apache
Programming Lang: C
Description : Fully configurable apache suexec binary

Original suexec do some strict checks on start up to provide some security.
This checks are really good, but unfortunately the only way you can configure
it - recompile from sources.

Another problem of original suexec is that is requires that running script
should be owned by the same user suexec setuids to. But there are situation,
when you want different users be able to run shared script (owned by root for
security), or you may want to setup wrapper for some file's types (e.g.
/usr/bin/php-cgi for .php) which is common for all users. In such cases
original suexec will not work, but suexec-conf will do.

suexec-conf is the configurable version of classical suexec from apache.

For now it allows you to configure everything, you could configure for
classic suexec on compile time. And it also support always_allow option where
you could list scripts/command which should be owned by root, but not the user
suexec setuids to.

--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110223155430.31737.73336.reportbug@vice.lan">htt p://lists.debian.org/20110223155430.31737.73336.reportbug@vice.lan

Bug#614813: ITP: suexec-conf -- Fully configurable apache suexec binary

On Wed, 23 Feb 2011 at 18:54:30 +0300, Alexander Gerasiov wrote:
> Description : Fully configurable apache suexec binary

How does this differ from apache2-suexec-custom, which is provided by a
Debian-specific patch in apache2?

> or you may want to setup wrapper for some file's types (e.g.
> /usr/bin/php-cgi for .php) which is common for all users

One workaround for that case is for the user to own a copy of this script:

#!/bin/sh
exec /usr/bin/php-cgi "$@"

S

--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110223163920.GA7610@reptile.pseudorandom.co.uk"> http://lists.debian.org/20110223163920.GA7610@reptile.pseudorandom.co.uk