www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@hyperreal.org
Subject Re: suexec/2868: Apache allows execution of setuid cgi's without suexec installed.
Date Tue, 18 Aug 1998 20:25:28 GMT
Synopsis: Apache allows execution of setuid cgi's without suexec installed.

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Tue Aug 18 13:25:26 PDT 1998
State-Changed-Why:
Erm... yea, so?

That is the way Unix has always worked.  If a program is
setuid then it executes by the user it is setuid to.  That
isn't a bug or a feature in Apache, but just the way things
are on Unix.

Note that this also allows others to excute it setuid
to whatever user you setuid it to, which can lead to
security issues if your CGI isn't secure.


Mime
View raw message