Re: CGI security on a shared web server (fwd)

From: Glynn Clements (glynn.clementsat_private)
Date: Fri May 24 2002 - 10:38:42 PDT


    Lee E. Brotzman wrote:
    
    > In general, you don't have to have suEXEC to run setuid programs. If
    > you can set the permission bits on CGI scripts on your shared web
    > server, you can turn on the setuid bit for those few CGI scripts you
    > need to have setuid.
    
    I don't know about other Unices, but Linux deliberately doesn't
    support setuid scripts (a wise move, IMHO). Perl attempts to
    re-introduce the problem via the setuid "suidperl" binary, but many
    sysadmins will disable that (again, a wise move, IMHO).
    
    Finally, many virtual hosting providers solve both the problems
    associated with running all CGI scripts as "nobody" and the potential
    risks of suEXEC by simply not permitting users to upload CGI scripts
    at all. If you want to run your own CGI scripts, you have to rent a
    separate server.
    
    -- 
    Glynn Clements <glynn.clementsat_private>
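
An added example, not part of the original message: a Python audit of a CGI directory for the two arrangements discussed above, a setuid/setgid bit placed on a `#!` script (which Linux ignores at exec time) and a script whose interpreter binary is itself setuid, as with suidperl. The function names and finding labels are hypothetical, and the directory to audit is an assumption supplied by the caller.

```python
import os
import stat
import sys

def shebang_interpreter(path):
    """Return the interpreter named on a '#!' line, or None if path is not a script."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline(256)
    except OSError:
        return None
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("utf-8", "replace").split()
    return parts[0] if parts else ""

def audit_cgi_tree(root):
    """Return sorted (path, finding, interpreter) tuples for scripts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, FIFOs
            interp = shebang_interpreter(path)
            if interp is None:
                continue  # not a '#!' script
            # Bit set on the script itself: Linux ignores it at exec time, so it
            # marks a script someone expected to run with the owner's privileges.
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((path, "setid-bit-on-script", interp))
            # Interpreter binary is setuid (the suidperl arrangement): the
            # script gains privilege through the interpreter instead.
            try:
                if os.stat(interp).st_mode & stat.S_ISUID:
                    findings.append((path, "setuid-interpreter", interp))
            except OSError:
                pass  # interpreter missing or unreadable
    return sorted(findings)

if __name__ == "__main__":
    # Directory to audit is an assumption; pass the real CGI root as argv[1].
    for path, finding, interp in audit_cgi_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{finding}\t{path}\t{interp}")
```

Scripts that start with `#!/usr/bin/env` are checked against `env` itself, so an interpreter resolved through `PATH` is not examined.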
    



    This archive was generated by hypermail 2b30 : Fri May 24 2002 - 13:44:22 PDT