I have a patch prepared. Attached is what I got so far, and seems to be working fine. (It's the modified .dpatch file, not a patch to a dpatch).
So now a third line in /etc/apache2/suexec/www-data is supported, being a cgi_docroot. Scripts inside this cgi_docroot, and owned by root are allowed to be executed by the target user. I believe this addition will be very useful. On the other hand I understand you want to stick to suexec as close as possible. You have to realize though that many people patch suexec themselves because their distro doesn't deliver something more usable. It's probably more secure to have one widely used patched version inside the distro than having many different locally patched versions. Alexander -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
