> Also, my system has cgiexec (does suid for CGI scripts) installed. The
> cgiexec documentation says that once cgiexec is installed, it is a
> security risk if people can execute code as "nobody" since that user has
> special access to the cgiexec code. Right now, anyone can execute code as
> nobody by writing ASP code, so in essence I have a security hole in my
> system, and I DO need cgiexec.
>
> So, does anyone have suggestions on how to do suid for ASP scripts?
no (because there isn't an easy, or even moderately difficult one), but
the solution to the "nobody" problem is to run your mod_perl webserver
under a "modperl" userid.
----------------------------------------------------------------------
[EMAIL PROTECTED] | Put all your eggs in one basket and
http://BareMetal.com/ | WATCH THAT BASKET!
web hosting since '95 | - Mark Twain
