webserver cgi question

From: Rob McMillen (rvmcmilat_private)
Date: Sun Jan 26 2003 - 06:42:42 PST

  • Next message: George Dinwiddie: "Re: Standards for developing secure software"

    I am trying to create a cgi that potentially modifies firewall rules in 
    iptables.  Would anyone care to comment on the potential for letting a 
    webserver running as nobody execute code that requires root access?
    
    Should the cgi be setuid?
    Should the webserver modify a file that root's cron is constantly 
    monitoring?
    
    
    Thoughts?  Comments?
    
    Thanks in advance,
    
    Rob
    



    This archive was generated by hypermail 2b30 : Sun Jan 26 2003 - 09:33:14 PST