httpd-dev mailing list archives

From sameer <sam...@c2.org>
Subject Re: mod_actions (patch and questions)
Date Fri, 15 Dec 1995 00:56:26 GMT
> 
> BTW - could someone in the know please take a look at the SetEUID
> patch to see if we can spot a security problem here. This really
> seems to me the kewl way to secure CGI, but I am not certain about
> the impact on security WRT these seteuid calls.

	I will try looking it over. A few things to look for:
race conditions
symlinks (stat vs. lstat)
use of access()

	A big issue I think is that some people (myself included) put
things in the public_html and chmod 700 them until they want to make
them public. This would break that, and adequate warnings should be
attached, as well.

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org
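
The three items in the checklist above (race conditions, stat vs. lstat on symlinks, use of access()), as an added example that is not part of the original message or of the SetEUID patch under discussion. It shows one way a wrapper can check a script before switching to its owner; the names open_script_checked and demo, and the test.cgi/alias.cgi fixture, are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a script that is about to run as `owner`.
 * There is no access() or stat() on the path first. The file is opened
 * once and every check is made on the descriptor, so it cannot be swapped
 * between check and use. O_NOFOLLOW covers only the final path component. */
int open_script_checked(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* a symlink here fails */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0              /* inspect the inode we hold */
        || !S_ISREG(st.st_mode)          /* regular files only */
        || st.st_uid != owner            /* must belong to the target user */
        || (st.st_mode & (S_IWGRP | S_IWOTH))) { /* not writable by others */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a mode-0700 script and a symlink pointing at it.
 * Returns 0 when the real file is accepted and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/euid-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/test.cgi", dir);
    snprintf(lnk, sizeof lnk, "%s/alias.cgi", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0700);
    if (fd < 0) return -1;
    close(fd);
    if (symlink(file, lnk) != 0) return -1;

    int ok = open_script_checked(file, geteuid());
    int bad = open_script_checked(lnk, geteuid());
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(lnk); unlink(file); rmdir(dir);
    return (ok >= 0 && bad < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```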
