httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@liege.ICS.UCI.EDU>
Subject Re: Oops explained
Date Fri, 12 Jul 1996 10:36:29 GMT
> So, I could add code to the PUT-handler to disable the child-check
> code if the PUT-handler itself is *not* running setuid --- is that
> what you're asking for?  (It's very easy, if so).

Yep, that's the ticket.

> (NB, for others, a consequence of this is that any CGI script could
> walk all over the PUT-able section of the filespace... Roy presumably
> deals with this by disallowing CGI except for trusted users).

Bingo!

.......Roy

Mime
View raw message