[Rt-devel] FastCGI, SetGIDness and Taint mode

Jesse Vincent jesse at bestpractical.com
Wed Jun 16 12:55:06 EDT 2004



>    I personally have a dedicated apache instance for RT,
>    and I just set the group of the server to 'rt', and that
>    avoids exactly this taint problem.  Another option is to
>    supply a tiny C wrapper that is, itself, suid root.

Well, we don't need _that_ much rope. Just setgid 'rt' ;)

But apache's "suexec" functionality can do this for end-users without
needing to do a custom build for RT.

>    Its whole purpose is to change egid and rgid to 'rt'
>    and then exec the fastcgi handler.  I believe, if
>    egid==rgid, perl will not turn on taint mode.
 
Correct.


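The wrapper described in the quoted text, sketched as an added example that is not part of the original thread or of RT's code: installed setgid 'rt' (not suid root), it sets the real gid to the effective gid so perl sees egid==rgid, then execs the handler. The handler path, the fixed environment and the exit code are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder: set to the real FastCGI handler path. */
#define HANDLER "/path/to/fastcgi-handler"

/* Perl switches taint mode on by itself when the real and effective
 * uid or gid differ, which is the state a setgid program starts in. */
int ids_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Set the real gid to the effective gid (the file's group when the
 * wrapper is installed setgid) and verify it. Returns 0 on success. */
int unify_gid(void)
{
    gid_t g = getegid();

    if (setregid(g, g) != 0)
        return -1;
    return (getgid() == g && getegid() == g) ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Assumption: a fixed, minimal environment. Nothing is inherited
     * from the caller; add only what the handler needs. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    (void)argc;

    if (unify_gid() != 0) {
        perror("setregid");
        return 111;
    }
    if (ids_differ()) {       /* a uid mismatch would still trigger taint */
        fputs("real and effective ids still differ\n", stderr);
        return 111;
    }
    argv[0] = HANDLER;
    execve(HANDLER, argv, clean_env);
    perror("execve");         /* reached only if the exec failed */
    return 111;
}
```
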