httpd-dev mailing list archives

From sameer <>
Subject Re: mod_actions (patch and questions)
Date Fri, 15 Dec 1995 00:56:26 GMT
> BTW - could someone in the know please take a look at the SetEUID
> patch to see if we can spot a security problem here. This really
> seems to me the kewl way to secure CGI, but I am not certain about
> the impact on security WRT these seteuid calls.

	I will try looking it over. A few things to look for:
race conditions
symlinks (stat vs. lstat)
use of access()

	A big issue I think is that some people (myself included) put
things in the public_html and chmod 700 them until they want to make
them public. This would break that, and adequate warnings should be
attached, as well.

sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376 (or login as "guest")
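
The three review points in the message above (race conditions, stat vs. lstat, use of access()), shown as an added example that is not part of the original message or of the SetEUID patch under discussion. The names open_checked and demo and the temporary paths are hypothetical and constructed for the illustration; the code opens the file once and runs every check on the descriptor rather than on the path.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a script that a wrapper will run as `owner`.
 * Returns an fd, or -1 if the file must not be trusted.
 * The racy pattern this replaces is access(path)/stat(path) followed by a
 * separate open(path): the name can be re-pointed between the two calls,
 * and access() tests the real uid, not the effective one. */
int open_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink in the last component at open time;
     * O_NONBLOCK keeps a FIFO planted at `path` from hanging us. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() describes the object we hold, whatever the name says now. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: bit 0 = plain file accepted, bit 1 = symlink accepted. */
int demo(void)
{
    char dir[] = "/tmp/euid-demo-XXXXXX", file[64], slink[64];
    int fd, result = 0;
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/script.cgi", dir);
    snprintf(slink, sizeof slink, "%s/link.cgi", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0 || symlink(file, slink) != 0)
        return -1;
    close(fd);
    if ((fd = open_checked(file, geteuid())) >= 0) { result |= 1; close(fd); }
    if ((fd = open_checked(slink, geteuid())) >= 0) { result |= 2; close(fd); }
    unlink(slink); unlink(file); rmdir(dir);
    return result;
}

int main(void) { int r = demo(); printf("demo() = %d\n", r); return r != 1; }
```

O_NOFOLLOW only guards the final path component; directories higher in the path still have to be controlled by a trusted owner.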
