httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 21:47:46 GMT
  There really isn't much in this wrapper that can be misconfigured.
  I'm for keeping it as simple as possible.

"Everything should be made as simple as possible, but no simpler".  
The sucgi wrapper is too simple.

  There are a fair number of checks in sucgi already. 

But we're talking about a situation in which the attacker already has
an account on the machine (authorized user attempting to subvert another
authorized user), and is invoking the wrapper *directly* to do so.  That
makes any checks performed by sucgi, or anything else in the web server,
irrelevant, since it is simply not in the picture.

rst

Mime
View raw message