RE: CGI security on a shared web server
From: Jeff Dafoe (jeffd@naphost.com)Date: 05/29/02
- Previous message: Luciano Miguel Ferreira Rocha: "Re: CGI security on a shared web server (fwd)"
- Maybe in reply to: George Dinwiddie: "CGI security on a shared web server"
- Next in thread: dreamwvr: "Re: CGI security on a shared web server"
- Reply: dreamwvr: "Re: CGI security on a shared web server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jeff Dafoe" <jeffd@naphost.com> To: "Beatie, Breck (ISSMountain View)" <BBeatie@iss.net> Date: Wed, 29 May 2002 11:59:44 -0400
> I don't understand what risks there are to the server and
> machine as a whole, such that the server owner should be
> reluctant to enable this feature. Could someone please tell
> me what are the risks and how are these risks controlled in
> typical "good" use of suEXEC?
I work as an admin at a hosting provider and I cannot imagine allowing CGIs
to run in a mass hosting environment under apache without the use of suexec.
Running end users' CGIs as the same user as the web server is asking for
problems, IMHO. Suexec, when improperly configured, can create a security
risk (as outlined in its installation documentation), but it is relatively
simple to configure it properly.
So, when improperly configured, suexec can pose a problem. When properly
configured, it mitigates a variety of issues posed by running CGIs as the
same user as the web server.
Jeff
- Previous message: Luciano Miguel Ferreira Rocha: "Re: CGI security on a shared web server (fwd)"
- Maybe in reply to: George Dinwiddie: "CGI security on a shared web server"
- Next in thread: dreamwvr: "Re: CGI security on a shared web server"
- Reply: dreamwvr: "Re: CGI security on a shared web server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
