httpd-dev mailing list archives

From r..@ai.mit.edu (Robert S. Thau)
Subject Re: SetUID once again
Date Tue, 26 Mar 1996 00:06:07 GMT
  The issue would be that me "joe badguy" could copy a script into your
  web directory which would be executed as you and could be made to 
  wreak havoc on your files.

...if you've left the directory publicly writable.  And if you've left
a file anyplace publicly writable, he can overwrite that, plant a link,
and do whatever he wants in that situation, too.  What's the difference?

Also, if you're even calling your thing "ExecSUID", I really have to ask
again, why not just file-system suid bits?

rst
