httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <sam...@c2.org>
Subject Re: opinions on DoSetEUID
Date Tue, 12 Dec 1995 05:44:58 GMT
	I am pretty concerned with the security of it, as well. My
biggest fear is the switching back to euid nobody after processing a
request under someone else's uid. I haven't closely looked at the code
though, and was hoping someone else has gone through it closely.

> 
> > 	Have people installed DoSetEUID? Has it worked? My mod_ecash
> > would be much easier with DoSetEUID, but I'm curious to know if
> > it actually works well.
> > 
> > -- 
> 
> I have done some limited testing of it, and it seems to work.
> There are some real concerns that RST raises about security, and
> I got spooked on my main server when I started getting mail
> from root generated by the server... I'm still looking at how
> to make this as useful as it could be. Comments welcome on the
> security issue.
> 
> 
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org

Mime
View raw message