
Re: web documentation



> Hmm. You want to have people run a web browser as root and run cgi
> scripts with root privilege. Please don't make this a default. I
> can't think of any way to make this secure. It would be better
> to hack together some kind of front end, or hack lynx into some
> kind of dedicated engine. The possibilities for accidents are
> too great if you run the scripts directly from lynx.

That's true - but any time you allow logins into a system, you risk
making it insecure.  Debian provides all sorts of ways to log in to
a system "by default" - but it is easy to turn them all off.

Current web servers like Apache and Roxen are extremely configurable,
which makes them really easy to misconfigure.  So I don't think
allowing this type of access using them is a wise move.

It might be useful to use a specialized web server that is not
very configurable, but has an extra emphasis on security.  This
could run on a non-standard port from /etc/inetd.conf, so it
wouldn't conflict with a web server on the same system which
was intended for normal uses.

I like the idea.  :-)

Cheers,

 - Jim

