[15911] in bugtraq


Re: Cobalt RaQ 3 security hole?

daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Sat Jul 22 18:58:48 2000

Mail-Followup-To: Wichert Akkerman <wichert@cistron.nl>,
                  BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
              protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR"
Content-Disposition: inline
Message-Id:  <20000722144045.A1881@cistron.nl>
Date:         Sat, 22 Jul 2000 14:40:45 +0200
Reply-To: Wichert Akkerman <wichert@CISTRON.NL>
From: Wichert Akkerman <wichert@CISTRON.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <023501bff34e$f73afca0$6900030a@seifried.org>; from
              listuser@seifried.org on Fri, Jul 21, 2000 at 02:05:06PM -0600

--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Previously Kurt Seifried wrote:
> Wouldn't it be a LOT more secure if the webserver ran as nobody and the
> scripts that needed to run as root, well ran as root (and had properly
> paranoid input checking).

One could use userv here to interact with the tools that need to be root;
that should improve things majorly.

Description: `user services' - program call across trust boundaries
 userv allows one program to invoke another when only limited trust
 exists between them.  It is a tool which can be used to avoid having
 to give other system services root privilege, and which allows users
 to more securely have programs provide services to others.

Wichert.

-- 
  _________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature
Content-Disposition: inline


--T4sUOijqQbZv57TR--
