Re: Apache suexec

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On Wed, 24 Oct 2001, Stefanos Harhalakis wrote:

>  Suppose we have mingid==100 and a user with gid==0 which belongs to groups 
> 123,234,345. Suexec will no execute and script for this user.
>
>  Now suppose we have the same user with gid==123 which belongs to groups0 
> ,234,345. Suexec will execute any cgi without problem. The running cgi will 
> be a member of all those groups.

suexec does not check supplementary groups. It could do it but I do not
think it is a serious problem--the motivation behind the checks is to
avoid accidental invocation of CGI programs running under root or other
special accounts.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."