Bug 56750 - SuexecUserGroup replacement
Summary: SuexecUserGroup replacement
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_fcgid (show other bugs)
Version: 2.4.10
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-20 16:58 UTC by phpfpm1
Modified: 2015-10-26 16:57 UTC (History)
1 user (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description phpfpm1 2014-07-20 16:58:58 UTC 
Bug #37564 requires an enhacement for SuexecUserGroup to be allowed in Directory context: https://issues.apache.org/bugzilla/show_bug.cgi?id=37564. But wouldn't it be better for mod_fcgid to have it's own setting to set the user/group like suPHP or mod_ruid2 have? (suPHP_UserGroup, RUidGid, that are both allowable in Directory context). For now only mod_fcgid requires workarounding for problems like that: http://mail-archives.apache.org/mod_mbox/httpd-dev/201205.mbox/%3CCA+-XxSFMS0YRmZZitL0X-sgVGZBvxfZvrt57hH163DabrZ_N2g@mail.gmail.com%3E
Comment 1 Dave 2015-10-26 16:55:44 UTC 
This patch would allow any user to specify running code as any other user. The best way to describe this is "bloody stupid" (that's the polite description). Watching this to ensure this idiocy doesn't get applied by accident on an off day!
Comment 2 Dave 2015-10-26 16:57:32 UTC 
Comment was in regards to Bug #37564, no idea why its ended up here (apart from following own comment in being stupid)