Received: (from majordom@localhost)
	by hyperreal.com (8.8.5/8.8.5) id FAA29650;
	Thu, 19 Jun 1997 05:37:23 -0700 (PDT)
Received: from valis.worldgate.com (marcs@valis.worldgate.com [198.161.84.2])
	by hyperreal.com (8.8.5/8.8.5) with ESMTP id FAA29644
	for <new-httpd@apache.org>; Thu, 19 Jun 1997 05:37:20 -0700 (PDT)
Received: from localhost (marcs@localhost)
	by valis.worldgate.com (8.8.5/8.8.5) with SMTP id GAA26573
	for <new-httpd@apache.org>; Thu, 19 Jun 1997 06:37:19 -0600 (MDT)
Date: Thu, 19 Jun 1997 06:37:19 -0600 (MDT)
From: Marc Slemko <marcs@worldgate.com>
To: new-httpd@apache.org
Subject: Re: [PATCH] a different approach to setuid scripts
In-Reply-To: <Pine.LNX.3.95dg3.970618234040.5469A-100000@twinlark.arctic.org>
Message-ID: <Pine.BSF.3.95q.970619063639.26546A-100000@valis.worldgate.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

And the pessimistic would say that is because Linux's threads are too
heavy...

On Wed, 18 Jun 1997, Dean Gaudet wrote:

> Only linux that I know of allows threads to run as different uids. 
> 
> Dean
> 
> On Wed, 18 Jun 1997, Marc Slemko wrote:
> 
> > On Wed, 18 Jun 1997, Randy Terbush wrote:
> > 
> > > 
> > > He has chosen the path of setting effective UIDs, which was 
> > > originally not acceptable. My feelings haven't changed much in that 
> > > regard. Would someone else like to comment?
> > > 
> > 
> > Easy to do, lets you do a lot more (like access web pages as
> > different users, not just run scripts) but it ain't secure.  It
> > would also probably tend to introduce too many hassles in a 
> > threaded world, no?
> > 
> > 
>