httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: setuid control WITHOUT running as root
Date Mon, 03 Jun 1996 13:01:41 GMT
-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 3 Jun 1996, Jason A. Dour wrote:
> On Sun, 2 Jun 1996, Nathan Neulinger wrote:
> >        sucgi.c: Ok, I see you are 'www', I'll let you run any script as any
> > user - I'm not talking about the apache module... The weakest link is the
> > sucgi.c executable.
> 
> 	I think you're misrepresenting this by simplifying too much.  In
. . .
> weakest link there is not sucgi.c, but the user -- as with all CGI.

	I just realized...  You're speaking of Randy's altered sucgi.c.  I
haven't looked at his changes yet.  Sorry for the confusion.  I was
referring to the one at my site... 

Jason
+ Jason A. Dour                       jad@bcc.louisville.edu               +
| Programmer Analyst II               http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbLiN5o1JaC71RLxAQHh7QP8DCTQJB5zspBzWGlfh3Fa7u6z3Oq22BtM
TPIy2t0sv0CFgT6OjzXW9M8PELdRfaOZtS384ZF9YLnE70nuoARbxzla1gb0djq2
Byjcq8/KhzZTcOvYdzRi3X9eqlALQqbG9A5HUG6TVtCsbaMui4dhdGSsWYtmk4Fd
7lbhy7mOuGo=
=joK0
-----END PGP SIGNATURE-----


Mime
View raw message