Re: A question on setting setuid bit
Hi,
This is an experimental package that we built and
evaluate internally (up to this moment). The program
that needs setuid is a cgi-bin program that is invoked
by apache2, which runs as a regular user www-data. The
cgi-bin program however needs to interact with
iptables.
I know setuid programs are risky but I haven't got the
time to address the security risk yet (one thing at a
time ... :-)
Thanks for the alert.
Clement
On Fri, 7 Jul 2006, Ian Jackson wrote:
> LEE, Yui-wah (Clement) writes ("A question on setting setuid bit"):
> > I am building a package in which one of the binaries has
> > to have the setuid and setgid bits set. I wonder which
> > one of the following two is the more appropriate method
> > to use?
>
> Forgive my scepticism, but which package, and why ? set-id bits
> should not be set lightly and they should only be used after careful
> consideration by experts.
>
> Ian.
>