setuid root CGI's - how bad it is?

1997-09-19 Thread Eloy A. Paris
Hi,

(sorry for the off-topic question but I don't know where to ask)

Excuse my ignorance but how bad is it to have a setuid CGI script? I know there should be big security issues with this but I don't know what it is. I have a CGI script that needs to write files in a user's home directory. How

Re: setuid root CGI's - how bad it is?

1997-09-19 Thread Jason Costomiris
On Thu, Sep 18, 1997 at 03:45:17PM -0400, Eloy A. Paris wrote:
: >If that's all you want, it's easy. Do this:
: >
: >1) Authenticate the user against the system's /etc/passwd.
:
: OK, my script is doing this. The user can enter his login ID and his
: password through a HTML form and the CGI scrip

Re: setuid root CGI's - how bad it is?

1997-09-19 Thread Ralph Winslow
Eloy A. Paris wrote:
>
> Hi,
>
> (sorry for the off-topic question but I don't know where to ask)
>
> Excuse my ignorance but how bad is it to have a setuid CGI script?

If you insist on a script, a perl script written by a knowledgeable and paranoid programmer could be safe. A C program writte

Re: setuid root CGI's - how bad it is?

1997-09-18 Thread Eloy A. Paris
Hi,

At 08:11 AM 9/18/97 -0400, Jason Costomiris wrote:
>Are you 100% sure that your CGI has no bugs, no potential buffer overruns,
>doesn't trust input gathered from the User Agent, blah blah blah?
>
>If not, and you shouldn't be 100% sure, don't run CGI's suid to root.

No, I am not sure and I k

Re: setuid root CGI's - how bad it is?

1997-09-18 Thread Jason Costomiris
On Thu, Sep 18, 1997 at 04:57:02AM +, Eloy A. Paris wrote:
: Excuse my ignorance but how bad is it to have a setuid CGI script?
: I know there should be big security issues with this but I don't
: know what it is.

Are you 100% sure that your CGI has no bugs, no potential buffer overruns, doesn