Re: CGI Scripts and Permissions

• To: Liz Stokes <ilaine@panix.com>
• Subject: Re: CGI Scripts and Permissions
• From: Paul Phillips <paulp@cerf.net>
• Date: Thu, 14 Mar 1996 09:38:59 -0800 (PST)
• cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199603141651.LAA16772@panix.com>

On Thu, 14 Mar 1996, Liz Stokes wrote:

> I hacked our server to run scripts as the uid of the owner. It gives the
> same effect as wrappers without the overhead.

[...] but with the added bonus that you get to run it as root all the 
time so it can switch UIDs.

This makes me sufficiently nervous that I'll take the overhead of CGIwrap,
which is small and readable, when I need different script UIDs.

--
Paul Phillips                                 | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net>                   |  have a graphical browser"
<URL:http://www.cerf.net/~paulp/>             |  -- Canter and Siegel, on
<URL:pots://+1-619-558-3789/is/paul/there?>   |  their short-lived web site

• Re: CGI Scripts and Permissions
• From: Liz Stokes <ilaine@panix.com>

• Re: CGI Scripts and Permissions
• From: Liz Stokes <ilaine@panix.com>

• Previous: Re: Netscape && FTP sites
• Next: Re: Netscape && FTP sites
• Index(es):
  • Index
  • Thread