httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <and...@www.elsevier.co.uk>
Subject public_cgi-bin scripts
Date Mon, 17 Apr 1995 22:52:35 GMT

I got some random request today from someone asking how COMMA allows
public_cgi-bin scripts.  httpd can run scripts in the ~user's filespace,
but when doing so runs as root (under some configurations).  COMMA's
solution was to call a setuid(noone) wrapper before exec'ing the user's
script.

If you don't go to such elaborate ends, and you set up user scripting,
then you're doing something unsafe.  Sooo, are we documenting 'unsafe
practice to be avoided' along with our other docs, or could this behaviour
even be considered a bug to be squashed in 0.6.2?

I dunno if there's a httpd-admin FAQ anywhere.  Anyone seen one?

> rob

Ay.

Mime
View raw message