Re: CGI security on a shared web server
From: dreamwvr (dreamwvr@dreamwvr.com)
Date: 05/29/02
- Previous message: Steffen Dettmer: "Re: CGI security on a shared web server"
- In reply to: Jeff Dafoe: "RE: CGI security on a shared web server"
- Next in thread: Jeff Dafoe: "RE: CGI security on a shared web server"
Date: Wed, 29 May 2002 12:19:03 -0600
From: dreamwvr <dreamwvr@dreamwvr.com>
To: secprog@securityfocus.com
On Wed, May 29, 2002 at 11:59:44AM -0400, Jeff Dafoe wrote:
> > I don't understand what risks there are to the server and
> > machine as a whole, such that the server owner should be
> > reluctant to enable this feature. Could someone please tell
> > me what are the risks and how are these risks controlled in
> > typical "good" use of suEXEC?
> to run in a mass hosting environment under apache without the use of suexec.
> Running end users' CGIs as the same user as the web server is asking for
> problems, IMHO. Suexec, when improperly configured, can create a security
( && helo Glynn Long time no stream too.. ;-)) Anyways suexec is_a_helper.
I would agree with you that suexec is a good thing. It helps babysit
if you like is all. But it is not a universal solvent. Nothing really
is.. 'suexec helps fix common issues with scripts other than the
actual guts of cgi-script itself.' I would agree with you as well that it
lends to an added layer of abstracted web security if you will. whew:-)
Is anyone using cgiwrap that is also familiar with suexec? Would like
to know their opinions on the comparison.
Best Regards,
dreamwvr@dreamwvr.com