[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A question on setting setuid bit


This is an experimental package that we built and
evaluate internally (up to this moment).  The program
that needs setuid is a cgi-bin program that is invoked
by apache2, which runs as a regular user www-data.  The
cgi-bin program however needs to interact with

I know setuid programs are risky but I haven't got the
time to address the security risk yet (one thing at a
time ... :-)

Thanks for the alert.


On Fri, 7 Jul 2006, Ian Jackson wrote:

> LEE, Yui-wah (Clement) writes ("A question on setting setuid bit"):
> > I am building a package in which one of the binary has
> > to have the setuid and setgid bits set.  I wonder which
> > one of the following two is the more appropriate method
> > to use?
> Forgive my scepticism, but which package, and why ?  set-id bits
> should not be set lightly and they should only be used after careful
> consideration by experts.
> Ian.

Reply to: