httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: Authentication
Date Tue, 04 Jun 1996 20:22:00 GMT
  > This means, in particular, that you are comfortable with all non-suid
  > CGI scripts on your systems (if you have any) running as root, and not
  > as www.  I have real trouble buying into that...

  Sorry? I don't quite get this?

If the web server runs CGI scripts, and does not switch uids to do so,
then the scripts run under *its* uid, which you have declared to be
"as sacred and dangerous as root".

rst

Mime
View raw message