httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: SetUID once again
Date Tue, 26 Mar 1996 00:21:24 GMT
>   The issue would be that me "joe badguy" could copy a script into your
>   web directory which would be executed as you and could be made to 
>   wreak havoc on your files.
> 
> ...if you've left the directory publicly writable.  And if you've left
> a file anyplace publicly writable, he can overwrite that, plant a link,
> and do whatever he wants in that situation, too.  What's the difference?
> 
> Also, if you're even calling your thing "ExecSUID", I really have to ask
> again, why not just file-system suid bits?
> 
> rst

You may not have seen my response to this question....

The ability to offer a script to the server that is readable only
by me is a very nice feature.





