httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: Apache secure CGI bin patch (fwd)
Date Thu, 14 Sep 1995 08:25:51 GMT
Re the SETUID patch.

It seems to me that this violates rule 1 of security; "Thou shalt run as root
for no longer than is absolutely necessary".

On the other hand, if a sysadmin understands the issues, why not let them do

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: (preferred)
A.L. Digital Ltd,         (backup)
London, England.

[Note for the paranoid: "fear" as in "Fear and Loathing
in Las Vegas", "demon" as in Demon Internet Services, a
commercial Internet access provider.]

View raw message