Peter Cords said:
>If you allow execution of
>CGI programs from public_html, then users will be able to execute code
>(probably under their UID). Then you have to secure your machine against
>local exploits. Obviously, you should do this anyway, but if crackers can
>run arbitrary code (as a non-privileged user), then you will have to act
>really fast to stop yourself from getting cracked whenever a new local
>exploit is discovered.
>
> Note that if you allow execution of arbitrary CGI programs, the CGI program
>could do anything, including start a shell listening on a TCP port, or even
>sshd, for someone to connect to. Allowing arbitrary CGI is equivalent to
>giving public shell access.
I have several cgi-scripts on the site. One is a database program open to
public searching of information. Is any cgi-script at risk if it is in the
cgi-bin?
Steve
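Added example, not part of the original messages: a check for the setup the quoted text warns about, CGI execution enabled under users' public_html rather than only in the administrator-controlled cgi-bin. It assumes Apache httpd-style configuration syntax (the thread does not name the web server); the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration. Apache httpd syntax is an assumption;
# the thread does not say which web server is in use.
SAMPLE_CONF = """\
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin>
    Options +ExecCGI
</Directory>
<Directory /home/*/public_html>
    Options Indexes ExecCGI
    AddHandler cgi-script .cgi .pl
</Directory>
<Directory /home/*/public_html/static>
    Options -ExecCGI
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
HANDLER = re.compile(r"^\s*AddHandler\s+cgi-script\s+(.*)$", re.M | re.I)

def execcgi_enabled(body):
    """True if the Options lines inside one block leave ExecCGI switched on.
    Inheritance from enclosing directories is not modelled here."""
    enabled = False
    for line in body.splitlines():
        words = line.split("#", 1)[0].split()
        if not words or words[0].lower() != "options":
            continue
        opts = [w.lower() for w in words[1:]]
        if any(o[0] not in "+-" for o in opts):
            # Unsigned options replace the whole set for this block.
            enabled = "execcgi" in opts or "all" in opts
        elif "+execcgi" in opts:
            enabled = True
        elif "-execcgi" in opts:
            enabled = False
    return enabled

def user_dirs_with_cgi(conf, userdir="public_html"):
    """List (path, cgi extensions) for user web directories that can run CGI."""
    findings = []
    for path, body in BLOCK.findall(conf):
        if userdir in path.strip().split("/") and execcgi_enabled(body):
            exts = HANDLER.findall(body)
            findings.append((path.strip(), exts[0].split() if exts else []))
    return findings

if __name__ == "__main__":
    for path, exts in user_dirs_with_cgi(SAMPLE_CONF):
        print(f"CGI execution enabled in user directory {path} for {exts}")
```
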