\subsection{suEXEC}
\begin{frame}
\frametitle{Serving static content}
\begin{itemize}
\item The \texttt{apache} user does not have permission to read the
user's files directly.
\item Both static and dynamic content is served through suEXEC.
\end{itemize}
\end{frame}
\begin{frame}[fragile,t]
\begin{enumerate}
\item \texttt{/etc/httpd/conf.d/execsys.conf} is configured to serve
static content with the \texttt{cgi-script} handler.
\end{enumerate}
\begin{footnotesize}
\begin{semiverbatim}
SetHandler cgi-script
Options +ExecCGI
SetHandler cgi-script
Options +ExecCGI
\ldots
SetHandler cgi-script
Options +ExecCGI
SetHandler cgi-script
Options +ExecCGI
\ldots
\end{semiverbatim}
\end{footnotesize}
\end{frame}
\begin{frame}[fragile,t]
\begin{enumerate}
\addtocounter{enumi}{1}
\item \texttt{openafs/src/afs/VNOPS/afs\_vnop\_access.c} is modified
to mark \emph{all} files as executable (!).
\end{enumerate}
\begin{footnotesize}
\begin{semiverbatim}
int
afs_access(OSI_VC_DECL(avc), register afs_int32 amode,
struct AFS_UCRED *acred)
\{
register afs_int32 code;
struct vrequest treq;
struct afs_fakestat_state fakestate;
OSI_VC_CONVERT(avc);
AFS_STATCNT(afs_access);
+ amode = amode & ~VEXEC;
afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
ICL_HANDLE_OFFSET(avc->m.Length));
\ldots
\}
\end{semiverbatim}
\end{footnotesize}
\end{frame}
\begin{frame}[fragile,t]
\begin{enumerate}
\addtocounter{enumi}{2}
\item \texttt{httpd/support/suexec.c} is modified to dispatch static
content to \texttt{/usr/local/bin/static-cat}.
\end{enumerate}
\begin{footnotesize}
\begin{semiverbatim}
+#define STATIC_CAT_PATH "/usr/local/bin/static-cat"
+static const char *static_extensions[] = \{
+ "html",
+ "css",
+ \ldots
+\}
+
int main(int argc, char *argv[])
\{
\ldots
+ if (is_static_extension(cmd)) \{
+ argv[2] = STATIC_CAT_PATH;
+ execv(STATIC_CAT_PATH, &argv[2]);
+ log_err("(%d)%s: static_cat exec failed (%s)\\n", errno,
+ strerror(errno), argv[2]);
+ exit(255);
+ \}
\end{semiverbatim}
\end{footnotesize}
\end{frame}