> Lee E. Brotzman said:
>
> If suexec had an option for specifying which CGI programs to run setuid, then
> I agree that it is a decent wrapper program. Until then, I ain't agonna use it.

Well, it CAN be specified on a VirtualHost basis. It wouldn't have to apply to all CGI programs on the server. Also, this is a pretty small-beans web site, else it wouldn't be running on a shared server. If I had a dedicated server, I wouldn't need the capability.

I'm still not sure what risk the server owner runs other than the fact that a misbehaving CGI would run in my account rather than as nobody. I suppose this offers more privileges, but, as a user on a shared server, I don't have a lot of privileges, anyway.

The suggestion to use a userid set up expressly for the purpose (sharing my usergroup, I imagine) does have some appeal. The datafiles could then have group read/write privileges, but the setuid user could be restricted with no shell.

 - George

--
----------------------------------------------------------------------
George Dinwiddie                                  gdinwiddieat_private
The gods do not deduct from man's allotted span those hours spent in
sailing.                                      http://www.Alberg30.org/
----------------------------------------------------------------------
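An added example, not part of the original message: a small audit of the layout discussed in the last paragraph (a dedicated CGI userid in the owner's group, data files group read/write, no login shell). The account names, paths, passwd lines and the `audit_cgi_account` helper are constructed for illustration, and group sharing is assumed to be via the primary gid only.

```python
import stat

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list

def parse_passwd(text):
    """Map username -> (uid, primary gid, shell) from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and not line.startswith("#"):
            users[fields[0]] = (int(fields[2]), int(fields[3]), fields[6])
    return users

def audit_cgi_account(passwd_text, owner, cgi_user, files):
    """Return findings; files is (path, uid, gid, mode) tuples. Primary gid only."""
    users = parse_passwd(passwd_text)
    missing = [u for u in (owner, cgi_user) if u not in users]
    if missing:
        return [f"no passwd entry for {u}" for u in missing]
    owner_uid, owner_gid, _ = users[owner]
    cgi_uid, cgi_gid, cgi_shell = users[cgi_user]
    findings = []
    if cgi_uid == owner_uid:
        findings.append(f"{cgi_user} shares uid {owner_uid} with {owner}")
    if cgi_gid != owner_gid:
        findings.append(f"{cgi_user} gid {cgi_gid} is not {owner}'s gid {owner_gid}")
    if cgi_shell not in NOLOGIN_SHELLS:
        findings.append(f"{cgi_user} has login shell {cgi_shell}")
    group_rw = stat.S_IRGRP | stat.S_IWGRP
    for path, uid, gid, mode in files:
        if gid != owner_gid or (mode & group_rw) != group_rw:
            findings.append(f"{path}: not group read/write for gid {owner_gid}")
        if mode & stat.S_IWOTH:
            findings.append(f"{path}: world-writable")
    return findings

# Constructed sample data (hypothetical accounts and files).
SAMPLE_PASSWD = """\
george:x:1001:1001:George:/home/george:/bin/bash
georgecgi:x:1002:1001:CGI only:/home/george/cgi-bin:/sbin/nologin
badcgi:x:1003:1003:CGI only:/home/george/cgi-bin:/bin/sh
"""
SAMPLE_FILES = [
    ("/home/george/data/guestbook.db", 1001, 1001, 0o100660),
    ("/home/george/data/counter.txt", 1001, 1001, 0o100646),
]

if __name__ == "__main__":
    print("\n".join(audit_cgi_account(SAMPLE_PASSWD, "george", "georgecgi", SAMPLE_FILES)))
```
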
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 15:37:48 PDT