[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid root CGI's - how bad it is?

On Thu, Sep 18, 1997 at 03:45:17PM -0400, Eloy A. Paris wrote:
: >If that's all you want, it's easy.  Do this:
: >
: >1) Authenticate the user against the system's /etc/passwd.
: 
: OK, my script is doing this. The user can enter his login ID and his
: password through a HTML form and the CGI script validates the user against
: /etc/passwd making sure the UID of the users is >= 1000.
: 
: >2) Use Apache's suEXEC module to run the CGI under the user's UID, 
: >   after authenticating the user.
: 
: This sounds like the solution but where can I find this module? It is not
: part of the apache-modules package.

It's part of Apache 1.2 feature set..  See:

http://www.apache.org/docs/suexec.html

for more info...

-- 
Jason Costomiris <><		| "VMS is about as secure as a poodle 
jcostom@sjis.com		|  encased in a block of lucite....
http://www.jasons.org/~jcostom/	|  .... about as useful, too."
#include <disclaimer.h>		|	   --some guy I read on Usenet


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble? 
e-mail to templin@bucknell.edu .
Reply to: