Re: A question on setting setuid bit

To: <leeyuiwah@hknet.com>
Cc: <debian-devel@lists.debian.org>
Subject: Re: A question on setting setuid bit
From: Ian Jackson <ian@davenant.greenend.org.uk>
Date: Mon, 10 Jul 2006 18:05:04 +0100
Message-id: <[🔎] 17586.35008.124613.76542@davenant.relativity.greenend.org.uk>
In-reply-to: <[🔎] Pine.LNX.4.33.0607071629430.9429-100000@rimavpc1.dnrc.bell-labs.com>
References: <[🔎] 17582.37571.838597.246226@davenant.relativity.greenend.org.uk> <[🔎] Pine.LNX.4.33.0607071629430.9429-100000@rimavpc1.dnrc.bell-labs.com>

LEE, Yui-wah (Clement) writes ("Re: A question on setting setuid bit"):
> This is an experimental package that we built and
> evaluate internally (up to this moment).  The program
> that needs setuid is a cgi-bin program that is invoked
> by apache2, which runs as a regular user www-data.  The
> cgi-bin program however needs to interact with
> iptables.

!

This is a very risky way to go about things.  You desperately need to
have a competent security expert go over your design.

Also, I'd like to plug my program `userv' which can help solve some of
these problems - but you have to get the design right to get the best
out of it.

Ian.

Reply to:

References:
- Re: A question on setting setuid bit
  - From: Ian Jackson <ian@davenant.greenend.org.uk>
- Re: A question on setting setuid bit
  - From: "LEE, Yui-wah (Clement)" <leecy@bell-labs.com>

Prev by Date: Re: greylisting on debian.org?
Next by Date: Re: greylisting on debian.org?
Previous by thread: Re: A question on setting setuid bit
Next by thread: Bug#376720: ITP: alienbbc -- SlimServer plugin for streaming radio stations, especially bbc stations
Index(es):
- Date
- Thread