Re: A question on setting setuid bit

To: <leeyuiwah@hknet.com>
Cc: <debian-devel@lists.debian.org>
Subject: Re: A question on setting setuid bit
From: Ian Jackson <ian@davenant.greenend.org.uk>
Date: Tue, 2 Jan 2007 11:26:36 +0000
Message-id: <[🔎] 17818.16748.620561.91360@davenant.relativity.greenend.org.uk>
In-reply-to: <Pine.LNX.4.33.0607071629430.9429-100000@rimavpc1.dnrc.bell-labs.com>
References: <17582.37571.838597.246226@davenant.relativity.greenend.org.uk> <Pine.LNX.4.33.0607071629430.9429-100000@rimavpc1.dnrc.bell-labs.com>

LEE, Yui-wah (Clement) writes ("Re: A question on setting setuid bit"):
> This is an experimental package that we built and
> evaluate internally (up to this moment).  The program
> that needs setuid is a cgi-bin program that is invoked
> by apache2, which runs as a regular user www-data.  The
> cgi-bin program however needs to interact with
> iptables.

I see.

> I know setuid programs are risky but I haven't got the
> time to address the security risk yet (one thing at a
> time ... :-)

Can I plug my preprepared answer to this question ?  `userv' can let
you do this kind of thing very straightforwardly with a minimum of
risk of writing all of the kinds of bugs that set-id involves.

Ian.

Reply to:

Prev by Date: Re: Bug#405122: ITP: ocamlwc -- count the lines of code and comments in OCaml sources
Next by Date: Re: db.debian.org (and related infrastructure) updates
Previous by thread: Bug#405271: ITP: libtemplate-plugin-gd-perl -- GD plugin(s) for the Template Toolkit
Next by thread: Bug#405300: ITP: pyxplot -- A command-line plotting package that produces publication-quality output
Index(es):
- Date
- Thread