+--Jay Soffian <jayat_private> once said: | | |Obviously, you want to either make verity_path_post something less |obvious than ".orig" or you want to suid the wrapper to some |unprivledged user and make the ".orig" file executable by only that |user. | |Duh. Last message, I promise. My brain isn't working today. suid (or sgid) is a terrible idea. Using something other than '.orig' works, but that's security by obscurity. Probably, you are best using a <files> section (or equiv if not Apache) to protect the '.orig' binaries. j. -- Jay Soffian <jayat_private> UNIX Systems Administrator 404.572.1941 Cox Interactive Media
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:19 PDT