On Thu, Oct 20, 2016 at 9:53 AM, Lukas Erlacher wrote:
> I'm now entirely at a loss as to what's going on on my webserver. Does
> mod_userdir implicitly enable suexec? Did the Ubuntu maintainers screw up
> and compile it in with apache?
It doesn't implicitly enable it, but it does tell mod_cgid t
So this is weird...
In response to
I didn't see any info mod_suexec_custom, but suexec
should not be running until long after the socket communication
between httpd and cgid is over. What talks to cgid in this case that
doesn't have a www-data userid?
I was going to tell you "Well, if I don
On Thu, Oct 20, 2016 at 5:06 AM, Lukas Erlacher wrote:
> Now, getting back to the statement in the apache docs: Is this a security
> violation / vulnerability? What can an attacker do with that socket other
> than execute arbitrary programs on the machine using their own permissions
> (plus www-da
Hello,
I am running an apache 2.4 server (2.4.18-2ubuntu3.1) on Ubuntu 16.04
with mod_userdir, mod_suexec_custom, mod_cgid and php5.6-cgi.
Users can place arbitrary documents and scripts in their userdirs and
are not considered trusted, so should not be able to interfere with
anything except
Thanks Yehuda.
From: Yehuda Katz [mailto:yeh...@ymkatz.net]
Sent: 19 October 2016 17:44
To: users@httpd.apache.org
Subject: Re: [users@httpd] Query results display problem in Fuseki v2.4.0 web UI
It looks like you are asking about some other product (maybe Apache Jena?), but
not HTTPD.
This list
