| 1 |
> Yes, the patch is here |
| 2 |
> http://mega.ist.utl.pt/~miguel/code/suexec+php.diff |
| 3 |
> |
| 4 |
> but just looking through the several errors in the comments and the general |
| 5 |
> hackish attitude in the code, I wouldn't recomend using it on production |
| 6 |
> servers without further auditing. |
| 7 |
|
| 8 |
you are right, it is a hack. and he probably wasn't too careful with comments, |
| 9 |
but as you also noticed it is as trivial as it gets. |
| 10 |
|
| 11 |
> Is this patch submitted to the apache team? |
| 12 |
|
| 13 |
not that I know of. |
| 14 |
|
| 15 |
> It looks simple enough, but as it is in a vital security area (suexec) it |
| 16 |
> may bring big surprises later. |
| 17 |
|
| 18 |
that's the right attitude. all I can say is that has been used for about 16 |
| 19 |
months in a solaris 7 server with about 8000 users with mod_userdir for |
| 20 |
hosting personal homepages. |
| 21 |
|
| 22 |
Cheers, |
| 23 |
-- |
| 24 |
|
| 25 |
Pedro João Lopes Venda |
| 26 |
email: pjvenda at pjvenda org |
| 27 |
http://www.pjvenda.org |
Archives