httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: WIN32 CGI - SECURITY THREAT - 4 OF 4
Date Tue, 26 Jan 1999 01:49:36 GMT
In a message dated 99-01-26 00:36:27 EST, you write:

> So, this is not a security hole you're describing then. Nor is this
>  really a win32 specific problem in the way you're describing it.

It's both. There ARE issues that are obviously Win32 specific and
depending on your expectations of  what a piece of communciations
software running on your box should or should not do... it can
be viewed as a security 'hole'.

>  You are looking for a way to change the standard restrictions on
>  users and CGI access without opening up your server.

I, personally, am not looking for anything. I run INTRA-NET only 
and all users are trusted. ( And a good thing ).

If OTHERS to whom these issues apply more directly don't care
then don't look at me to carry the banner.

>  I would suggest a port of suexec to Windows instead (though I really
>  don't understand the implications on that platform).
>  Manoj

Exactly. Not understanding the implications of porting UNIX stuff
to Windows is probably the root issue here.

View raw message