Re: Compiling CERN httpd with static libs on Sol 2.4

• To: dorian@oxygen.house.gov (Dorian Deane)
• Subject: Re: Compiling CERN httpd with static libs on Sol 2.4
• From: gj@canarie.ca (G.J.W. Hagenaars)
• Date: Wed, 26 Jul 1995 20:22:34 -0400 (EDT)
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: <9507261406.AA14304@oxygen.house.gov> from "Dorian Deane" at Jul 26, 95 10:06:40 am

Apparently Dorian Deane wrote:
% 
% While I'm at it, does anyone have a wrapper to open up port 80
% (on a Unix machine) and then allow the use of setuid(nobody) on
% the daemon?  We've been living through the overhead of inetd
% to "solve" this problem.  The problem being that we don't want
% to trust the httpd code to do the setuid--we want to do it ourselves.
% I imagine it would be fairly simple to steal the relevant part of
% the inetd code, but if something is already out there...

ftp://ftp.win.tue.nl/pub/security/chrootuid1.2.shar.Z

Question from me: what is involved in setting up virtual web and are
there any security considerations?

Cheers,
G.J.W. Hagenaars, M.Sc. Math ----> Remembering Mike Carty 1968-1994
xx247@freenet.carleton.ca -------> Postmaster National Capital FreeNet
gj@canarie.ca -------------------> Software Installer CANARIE Inc.
gj@jdsfitel.com -----------------> UNIX System Administrator JDS FITEL Inc.

• general web security (was "Compiling CERN httpd...)
• From: dorian@oxygen.house.gov (Dorian Deane)

• Compiling CERN httpd with static libs on Sol 2.4
• From: dorian@oxygen.house.gov (Dorian Deane)

• Previous: Re: Compiling CERN httpd with static libs on Sol 2.4
• Next: Re: EuroCert
• Index(es):
  • Index
  • Thread