Re: setuid root CGI's - how bad it is?
On Thu, Sep 18, 1997 at 03:45:17PM -0400, Eloy A. Paris wrote:
: >If that's all you want, it's easy. Do this:
: >
: >1) Authenticate the user against the system's /etc/passwd.
:
: OK, my script is doing this. The user can enter his login ID and his
: password through a HTML form and the CGI script validates the user against
: /etc/passwd making sure the UID of the users is >= 1000.
:
: >2) Use Apache's suEXEC module to run the CGI under the user's UID,
: > after authenticating the user.
:
: This sounds like the solution but where can I find this module? It is not
: part of the apache-modules package.
It's part of Apache 1.2 feature set.. See:
http://www.apache.org/docs/suexec.html
for more info...
--
Jason Costomiris <>< | "VMS is about as secure as a poodle
jcostom@sjis.com | encased in a block of lucite....
http://www.jasons.org/~jcostom/ | .... about as useful, too."
#include <disclaimer.h> | --some guy I read on Usenet
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble?
e-mail to templin@bucknell.edu .
Reply to: