Re: CGI security on a shared web server (fwd)
From: George Dinwiddie (gdinwiddie@min.net)
Date: 05/28/02
From: George Dinwiddie <gdinwiddie@min.net>
To: leb@gmss.com (Lee E. Brotzman)
Date: Tue, 28 May 2002 17:14:57 -0400 (EDT)

> Lee E. Brotzman said:
>
> If suexec had an option for specifying which CGI programs to run setuid, then
> I agree that it is a decent wrapper program. Until then, I ain't agonna use it.

Well, it CAN be specified on a VirtualHost basis. It wouldn't have
to apply to all CGI programs on the server.

Also, this is a pretty small-beans web site, else it wouldn't be
running on a shared server. If I had a dedicated server, I wouldn't
need the capability.

I'm still not sure what risk the server owner runs other than the
fact that a misbehaving CGI would run in my account rather than as
nobody. I suppose this offers more privileges, but, as a user on
a shared server, I don't have a lot of privileges, anyway.

The suggestion to use a userid set up expressly for the purpose
(sharing my usergroup, I imagine) does have some appeal. The
datafiles could then have group read/write privileges, but the
setuid user could be restricted with no shell.

- George
--
----------------------------------------------------------------------
George Dinwiddie                                gdinwiddie@alberg30.org
The gods do not deduct from man's allotted span those hours spent in sailing.
http://www.Alberg30.org/
----------------------------------------------------------------------
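
An added example, not part of the original message: a small audit of the layout described in the last paragraph (a dedicated CGI account sharing the owner's group, with no login shell, and data files that are group read/write). The account names, the sample passwd text, the reading of "sharing my usergroup" as a shared primary group, and the rule that data files should carry no permission bits for other users are assumptions made for illustration.

```python
import os
import stat

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample in passwd(5) format; "george" and "georgecgi" are hypothetical.
SAMPLE_PASSWD = """\
george:x:1001:1001:Site owner:/home/george:/bin/bash
georgecgi:x:1002:1001:CGI only:/nonexistent:/bin/false
"""

def parse_passwd(text):
    """Map account name -> (gid, shell) from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            users[fields[0]] = (int(fields[3]), fields[6])
    return users

def audit(passwd_text, owner, cgi_user, data_dir):
    """Return findings as strings; an empty list means the layout matches."""
    users = parse_passwd(passwd_text)
    missing = [u for u in (owner, cgi_user) if u not in users]
    if missing:
        return [f"unknown account: {u}" for u in missing]
    owner_gid, _ = users[owner]
    cgi_gid, cgi_shell = users[cgi_user]
    findings = []
    if cgi_shell not in NOLOGIN_SHELLS:
        findings.append(f"{cgi_user}: has login shell {cgi_shell}")
    # Assumption: "sharing my usergroup" means the same primary group.
    if cgi_gid != owner_gid:
        findings.append(f"{cgi_user}: primary group differs from {owner}")
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if st.st_gid != owner_gid:
                findings.append(f"{path}: group is not the shared group")
            if mode & 0o060 != 0o060:
                findings.append(f"{path}: not group read/write ({mode:03o})")
            if mode & 0o007:
                findings.append(f"{path}: open to other users ({mode:03o})")
    return findings
```

On a real host, pass the contents of /etc/passwd and the data directory path to `audit`.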