httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve" <steve...@iprimus.com.au>
Subject Re: [users@httpd] Re: CGI - Disable #!/bin/sh
Date Sun, 24 Nov 2002 04:55:03 GMT
Ok fair enough..

How do u install php as cgi?

Ive looked and looked but i cant find any install instructions

/Steve
----- Original Message -----
From: "Joshua Slive" <joshua@slive.ca>
To: <users@httpd.apache.org>
Sent: Sunday, November 24, 2002 2:27 PM
Subject: Re: [users@httpd] Re: CGI - Disable #!/bin/sh


>
>
> On Sun, 24 Nov 2002, Steve wrote:
>
> > Ive got it installed..
> >
> > but it there a way u can bypass the uid and gid checks..
> >
> > My Web users are not in /etc/passwd.. so suexec is spitting out invalid
> > user...
> >
> > Is there a way u can get apache to use a different passwd file or
somethig?
>
> No.  suexec is based on the unix security model.
>
> If you are not giving unix accounts to your users, then you really
> shouldn't be letting them run arbitrary cgi scripts.  There is no way
> you're going to be able to properly isolate them.
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message