Jeremy Huiskamp wrote: > No, I meant this: > "In order to work correctly, the suexec binary should be owned by > ``root'' > and have the SETUID execution bit set. OpenBSD currently does not in- > stall suexec with the SETUID bit set, so a change of file mode is neces- > sary to enable it..."
Thanks. Interesting. I thought SUID-root scripts were vulnerable to race condition-based vulnerabilities, among other things. Is that also the case for OpenBSD? If not, why? Alternately, how lame would it be to have one suexec per suexec-user and have each copy owned by that user? That would at least avoid having it operate as root. Regards, -Lars
