httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <and...@aaaaaaaa.demon.co.uk>
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 23:42:15 GMT
>   The sucgi wrapper is too simple.
> 
> Hmmm... before things get too heated, I'd better substantiate this
> with an example of an attack which, I think, would work with the
> sucgi wrapper, even after we tossed in Nathan's "owner == uid to
> switch to" check.  

Yum, nice one.

> rst

Ay.

Mime
View raw message