Re: enabling suexec with debian apache [solved]

To: Robert Varga <robi@piros.zold.net>
Cc: Debian User List <debian-user@lists.debian.org>, Adam Shand <larry@alaska.net>, Marko Cehaja <marko@magikomik.de>
Subject: Re: enabling suexec with debian apache [solved]
From: Joe Block <jpb@creol.ucf.edu>
Date: Mon, 21 Feb 2000 16:31:51 -0500
Message-id: <[🔎] 38B1AEC7.D4F37316@creol.ucf.edu>
References: <[🔎] Pine.LNX.3.96.1000221220331.20309A-100000@piros.zold.net>

Robert Varga wrote:

> > This is a good thing, IMO.  Once students realize that it's their files
> > and quota that are going to be eaten up by runaway cgis, in my
> > experience they start paying more attention to what they're writing.
> >
> 
> It is not only what they write, but what they set the permissions to, as
> well. I know, this is also what they should learn. But with
> exploitable setuid cgi-s, and one can never be sure that his code is
> unexploitable, not only his cgi datafiles, but all files can be accessed
> and modified as well.

So create a second account, usercgi for the people who need to use cgis
and don't have the time/knowledge to secure them.

I still don't see where having all the users share one uid for their
cgis is better than having them use their own id - at least the damage
is limited to one user rather than all of them.

jpb
-- 
Joe Block <jpb@creol.ucf.edu>
CREOL System Administrator

Social graces are the packet headers of everyday life.

Reply to:

Follow-Ups:
- Re: enabling suexec with debian apache [solved]
  - From: Adam Shand <larry@alaska.net>

References:
- Re: enabling suexec with debian apache [solved]
  - From: Robert Varga <robi@piros.zold.net>

Prev by Date: glibc problem?
Next by Date: Re: creating a bootdisk
Previous by thread: Re: enabling suexec with debian apache [solved]
Next by thread: Re: enabling suexec with debian apache [solved]
Index(es):
- Date
- Thread