Re: A question on setting setuid bit
LEE, Yui-wah (Clement) writes ("Re: A question on setting setuid bit"):
> This is an experimental package that we built and
> evaluate internally (up to this moment). The program
> that needs setuid is a cgi-bin program that is invoked
> by apache2, which runs as a regular user www-data. The
> cgi-bin program however needs to interact with
> iptables.
!
This is a very risky way to go about things. You desperately need to
have a competent security expert go over your design.
Also, I'd like to plug my program `userv' which can help solve some of
these problems - but you have to get the design right to get the best
out of it.
Ian.