[Bug 629633] Re: suexec should be configured to use /home as its docroot
Stefan Fritsch
sf at sfritsch.de
Fri Sep 3 19:54:09 BST 2010
Using /home as suexec docroot is a big no-no from a security point of
view. It will create local privilege escalation vulnerabilities in many
situations. If you don't want to use /var/www you should probably use
directories under /srv.
In any case, the above howto is outdated. Nowadays there is the apache2
-suexec-custom package which allows to set the suexec docroot without
recompiling. But you should read the security advice in the suexec man
page that is contained in that package.
** Changed in: apache2 (Ubuntu)
Status: Triaged => Invalid
--
suexec should be configured to use /home as its docroot
https://bugs.launchpad.net/bugs/629633
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list