what about patching suexec?

Lem0nHead

Verified User
Joined
Nov 28, 2004
Messages
265
hello

there's a boring thing about suexec
it verify if the user/group of the file to be executed is the same as the user/group of the directory this file is in

the problem:
files on public_html/ are user:user
and public_html/ is user:apache

cPanel uses a patch to circunvent that
http://www.google.com/search?q=SUEXEC_TRUSTED_USER

since it's a patch done by Sabri Berisha (and just modified by nick), you shouldn't have problems using it

just don't commit the same mistake ( http://lists.virus.org/bugtraq-0406/msg00090.html )

may i expect this patch?
 
Back
Top