httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: WWW Form Bug Report: "cgi-bins executed as a random user id" on BSDI (fwd)
Date Sat, 11 Nov 1995 18:55:14 GMT
	A workaround, it seems, would just to run multiple servers
with different 'User' lines, and use the BindAddress command.

>   No, but it would be really cool if it did....
> Unfortunately, it's really hard to implement.  Basically, the problem is
> that the server processes would have to run as root until they figured out
> which user's permissions to adopt and then (if we want to keep the pre-forking
> model of operation) switch back.  This would make whatever security holes
> might exist more dangerous (compromising root directly, rather than the www
> dummy uid); the details are also somewhat less than portable, as we've been
> through before.
> rst

sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376 (or login as "guest")

View raw message