Re: Technical committee acting in gross violation of the Debian constitution
- To: debian-devel@lists.debian.org
- Subject: Re: Technical committee acting in gross violation of the Debian constitution
- From: Matthias Urlichs <matthias@urlichs.de>
- Date: Thu, 4 Dec 2014 17:03:25 +0100
- Message-id: <[🔎] 20141204160325.GS6563@smurf.noris.de>
- In-reply-to: <1417198186.4622.4.camel@scientia.net>
- References: <20141116001628.GO32192@teltox.donarmstrong.com> <201411251941.16723.envite@rolamasao.org> <CAKTje6ECfcV=F5Qou3OJXNTqN23u6Hv9OHyYxhAarmy5SjFtWA@mail.gmail.com> <201411262329.26670.envite@rolamasao.org> <87zjbd33to.fsf@hope.eyrie.org> <1417047554.17080.2.camel@kagura.malsain.org> <E1Xu5h6-0007GZ-6S@swivel.zugschlus.de> <877fyg8emt.fsf@vostro.rath.org> <E1XuPus-0002za-AR@swivel.zugschlus.de> <1417198186.4622.4.camel@scientia.net>
Hi,
Christoph Anton Mitterer:
> For many things, CGI is actually the only way to run them securely,
> since it's the only way to run foreign processes in a container
> environment (chroots, etc.) or with user privilege separation.
?
If you can run a CGI inside a chroot/container/whatever, you can run a
small web server on a local port / Unix socket, and reverse-proxy it,
just as easily.
FastCGI is just a slightly more fancy way of doing this.
> The poor man alternatives like mod-php5 are nothing which a security
> conscious admin would ever use.
>
Definitely.
--
-- Matthias Urlichs
Reply to: