[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A question on setting setuid bit

LEE, Yui-wah (Clement) writes ("Re: A question on setting setuid bit"):
> This is an experimental package that we built and
> evaluate internally (up to this moment).  The program
> that needs setuid is a cgi-bin program that is invoked
> by apache2, which runs as a regular user www-data.  The
> cgi-bin program however needs to interact with
> iptables.

I see.

> I know setuid programs are risky but I haven't got the
> time to address the security risk yet (one thing at a
> time ... :-)

Can I plug my preprepared answer to this question ?  `userv' can let
you do this kind of thing very straightforwardly with a minimum of
risk of writing all of the kinds of bugs that set-id involves.


Reply to: