File permissions-suexec-bsc951765.patch of Package permissions
commit d7a65302c469501961ca2170dfd1a7d2d8016171
Author: Marcus Meissner <meissner@suse.de>
Date: Thu Oct 29 10:38:01 2015 +0100
add suexec with 0755 to all standard profiles. this can and should
be overridden in permissions.local if you need it setuid root.
bsc#951765 bsc#263789
diff --git a/permissions.easy b/permissions.easy
index 2d658db..a9be696 100644
--- a/permissions.easy
+++ b/permissions.easy
@@ -375,3 +375,12 @@
# radosgw (bsc#943471)
/usr/bin/radosgw root:www 0750
+capabilities cap_net_bind_service=ep
+#
+# suexec is only secure if the document root doesn't contain files
+# writeable by wwwrun. Make sure you have a safe server setup
+# before setting the setuid bit! See also
+# https://bugzilla.novell.com/show_bug.cgi?id=263789
+# http://httpd.apache.org/docs/trunk/suexec.html
+# You need to override this in permissions.local.
+#
+/usr/sbin/suexec2 root:root 0755
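Review bot: The added comment block ends with "You need to override this in permissions.local" but never says what a safe override looks like, while the entry it documents is `root:root 0755`, so an admin who needs suexec has to pick the setuid mode unaided. The upstream suexec documentation linked in the comment recommends that only the group httpd runs as may execute the setuid wrapper, so the comment could carry a sample such as `# e.g. in permissions.local: /usr/sbin/suexec2 root:www 4750`, assuming `www` (the group used for radosgw just above) is the group the web server runs under. It would also help to state in the comment that the 0755 default is deliberate and ships suexec without the setuid bit until it is overridden. The same comment block is repeated in the permissions.paranoid and permissions.secure hunks, so the wording change applies there as well.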
diff --git a/permissions.paranoid b/permissions.paranoid
index 1c99ec6..5fcfa4a 100644
--- a/permissions.paranoid
+++ b/permissions.paranoid
@@ -381,3 +381,12 @@
# radosgw (bsc#943471)
/usr/bin/radosgw root:root 0755
+#
+# suexec is only secure if the document root doesn't contain files
+# writeable by wwwrun. Make sure you have a safe server setup
+# before setting the setuid bit! See also
+# https://bugzilla.novell.com/show_bug.cgi?id=263789
+# http://httpd.apache.org/docs/trunk/suexec.html
+# You need to override this in permissions.local.
+#
+/usr/sbin/suexec2 root:root 0755
diff --git a/permissions.secure b/permissions.secure
index d30401f..91c7524 100644
--- a/permissions.secure
+++ b/permissions.secure
@@ -410,3 +410,13 @@
# radosgw (bsc#943471)
/usr/bin/radosgw root:www 0750
+capabilities cap_net_bind_service=ep
+
+#
+# suexec is only secure if the document root doesn't contain files
+# writeable by wwwrun. Make sure you have a safe server setup
+# before setting the setuid bit! See also
+# https://bugzilla.novell.com/show_bug.cgi?id=263789
+# http://httpd.apache.org/docs/trunk/suexec.html
+# You need to override this in permissions.local.
+#
+/usr/sbin/suexec2 root:root 0755