On Sun, 07 Nov 2004 10:10:31 -0600, John Hasler <[EMAIL PROTECTED]> wrote: > Steve Kemp writes: > > If you give people the ability to upload CGI scripts, like the perl > > example you mention, you've already lost - a malicious user could compile > > some C code statically and exectute that remotely. > > No need for C. Perl suffices.
I should be able to restrict a user's Perl scripts using Apache's suEXEC. I don't see how a user would be able to remotely execute a compiled C program outside of their priviledges. -Stephen Le -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
