[Previous] [Next] [Index]
[Thread]
Re: CGI Scripts and Permissions
Paul Phillips wrote:
>
>
>
> On Thu, 14 Mar 1996, Liz Stokes wrote:
>
> > I hacked our server to run scripts as the uid of the owner. It gives the
> > same effect as wrappers without the overhead.
>
> [...] but with the added bonus that you get to run it as root all the
> time so it can switch UIDs.
What? Nonsense. It does a seteuid instead of a setuid at the outset and
runs as 'web'. If it is going to exec a script it first sets uid back to 0,
if that fails it dies. If successful, it does a setuid (not euid) to the
script owner (unless that is 0 of course) also dying on failure. Only if
uid == ownerid does it agree to exec.
--
Liz Stokes
ilaine@panix.com
Follow-Ups:
References: