[1616] in WWW Security List Archive
Re: CGI Scripts and Permissions
daemon@ATHENA.MIT.EDU (David Zlotchenko)
Wed Mar 13 13:37:04 1996
Date: Wed, 13 Mar 1996 10:03:38 -0500 (EST)
From: David Zlotchenko <zlotchen@solar.rtd.utk.edu>
To: KGANNON@dit.ie
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <01I28YPWJ5PKF5N8MY@dit.ie>
Errors-To: owner-www-security@ns2.rutgers.edu
Useres can only what you (as a script writer) allow them to do.
Killing others processes and deleteing files sounds like passing
arbitrary commands to shells. That's a bad practice in CGI scripting
anyway.
David.
On Tue, 12 Mar 1996 KGANNON@dit.ie wrote:
> If these question has been asked before excuse me I am new to the game.
>
> Has anyone had problems where they run all scripts as NOBODY (or something along those lines) and users start a war deleting each others databases,kill
> processes etc.
>
> If anyone has a non-wrapper based solution I would be interested in hearing ther input.
>
--
David Zlotchenko Phone: (01) (423) 974-6601
Research Services Email: zlotchen@utk.edu
The University of Tennessee URL: http://www.oars.utk.edu/~zlotchen
