[1638] in WWW Security List Archive
Re: CGI Scripts and Permissions
daemon@ATHENA.MIT.EDU (Paul Phillips)
Thu Mar 14 15:31:36 1996
Date: Thu, 14 Mar 1996 09:38:59 -0800 (PST)
From: Paul Phillips <paulp@cerf.net>
To: Liz Stokes <ilaine@panix.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199603141651.LAA16772@panix.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 14 Mar 1996, Liz Stokes wrote:
> I hacked our server to run scripts as the uid of the owner. It gives the
> same effect as wrappers without the overhead.
[...] but with the added bonus that you get to run it as root all the
time so it can switch UIDs.
This makes me sufficiently nervous that I'll take the overhead of CGIwrap,
which is small and readable, when I need different script UIDs.
--
Paul Phillips | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net> | have a graphical browser"
<URL:http://www.cerf.net/~paulp/> | -- Canter and Siegel, on
<URL:pots://+1-619-558-3789/is/paul/there?> | their short-lived web site
