On Thu, Sep 18, 1997 at 04:57:02AM +0000, Eloy A. Paris wrote:
: Excuse my ignorance but how bad is it to have a setuid CGI script?
: I know there should be big security issues with this but I don't
: know what it is.

Are you 100% sure that your CGI has no bugs, no potential buffer overruns,
doesn't trust input gathered from the User Agent, blah blah blah? If not,
and you shouldn't be 100% sure, don't run CGI's suid to root.

: I have a CGI script that needs to write files in a user's home directory.
: How can I do that?

If that's all you want, it's easy. Do this:

1) Authenticate the user against the system's /etc/passwd.
2) Use Apache's suEXEC module to run the CGI under the user's UID, after
   authenticating the user.

--
Jason Costomiris <><             |  "VMS is about as secure as a poodle
[EMAIL PROTECTED]                |   encased in a block of lucite....
http://www.jasons.org/~jcostom/  |   .... about as useful, too."
#include <disclaimer.h>          |   --some guy I read on Usenet