httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: WWW Form Bug Report: "cgi-bins executed as a random user id" on
Date Sat, 11 Nov 1995 09:20:22 GMT
> 
> > 
> > 
> > Is the use of "User" allowed in this way?
> > ..looks dubious to me.
> > 
> > 
> 
> No, but it would be really cool if it did....

To do this, Apache would have to do its listen/accept as root. This is
supposedly security risk, but since it can change user before reading anything
from the socket, it seems to me that the possibility of subversion is fairly
minimal.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk
A.L. Digital Ltd,
London, England.

Mime
View raw message