Date: Fri, 22 Jan 1999 11:25:36 -0800 (PST) From: "Sumbry][" <sumbry@ahnet.net> To: Richard Coleman <coleman@math.gatech.edu> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Frontpage and/or Firewalls Message-ID: <Pine.GSO.4.00.9901221117450.23688-100000@control.ahnet.net> In-Reply-To: <199901211546.KAA00460@math.gatech.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> 1. We are trying to get the suexec program and the Frontpage
> module play nice with each other on a FreeBSD boxy. Since
> they are both wrappers, I need to get Apache to pick one or
> the other to call. Has anyone done this? Is it better to
> hack Apache or suexec?
We've actually done this. Personally, I think it's better to hack Apache
and not suexec. Basically, all we did was modified the Apache procedure
that calls the SUEXEC wrapper, so that if the CGI to be called is the
Frontpage path, then *don't* use SUEXEC, instead just call it directly.
This basically involves modifying the src/main/util_script.c file under
Apache and modifying ...
if (ap_suexec_enabled
&& ((r->server->server_uid != ap_user_id)
|| (r->server->server_gid != ap_group_id)
|| (!strncmp("/~", r->uri, 2)))) {
so that you use a strncmp somewhere in there to check for the path to
fpexe in the CGI call, and if it exists, then to *not* use SUEXEC.
This works fine for us, and we've had no problems w/FP. I think the main
problem stems from the fact that frontpage tries to do the same thing suexec
does (IE: su'ing to the id of a specific user when a CGI is run). You
obviously can't have two programs try to co-exist that do the same thing
(especially since suexec wont run suid programs, and even if you modified it
to do so, you're still asking for trouble).
Sorry I can't help w/#2, no experience w/firewalls. heh.
-----
Sumbry][ | Affinity Hosting | http://affinity.net | sumbry@affinity.net
"Run, run, fast as ya can, ya can't catch me, I'm the Gingerbread Man."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.00.9901221117450.23688-100000>