httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: WWW Form Bug Report: "security hole, webmaster has the root privilage when running perl script" on Solaris 2.x
Date Wed, 07 Aug 1996 18:40:35 GMT

Sounds to me as though you've set it up wrong. Check the user and group
directives in httpd.pid

regards,
rob

>Submitter: george@dakotacom.net
>Operating system: Solaris 2.x, version: 
>Version of Apache Used: 1.1
>Extra Modules used: 
>URL exhibiting problem: http://www2.dakotacom.net/dakotacom/cgi-bin/fm/fm.pl
>
>Symptoms:
>--
>We wrote a file manager in perl (no setuid stuff)
>And it is able to remove file belong to root 
>under the document root.
>I started the httpd server from root and run as
>webmaster. Big hole!
>--
>
>Backtrace:
>--
>
>--


-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message