i'd go with redbull & vodka :p
- Original Message -
From: "Justin Funke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 17, 2001 10:04 PM
Subject: [e-smith-devinfo] Request for Comments
> Two questions?
>
> I am trying to t
> Actually, that might be the best, rather than second worst,,
> because that
> means it is least likely to be modified by a process controlled by an
> attacker. Or at least, if that happens, your php app is not
> the worst of
> your problems.
Ah yes - another good point. I was thinking of the
Justin Funke <[EMAIL PROTECTED]> said:
> I don't need 100% lockdown but running everying as a root is not an
> option I wish to entertain.
Yes, running any web server as root is simply irresponsible. E-smith's
way of www:www is a good implementation and you can either sudo specific
commands
> Really need more info on what security risks your opening. My own
> personal experience is sometimes security is
> counterproductive.
Darryl you working for Microsoft now? ;)
> If it is
> a production 'need' and the risk is acknowledged, signed off on and
> understood, implementing less
On Fri, 17 Aug 2001, Justin Funke wrote:
> > However, user "www" is probably the
> > worst choice
> > you could make,
>
> Nevermind, they started all at root/root - make that "second worst".
Actually, that might be the best, rather than second worst,, because that
means it is least likely to be
>
> > Question 1 -
> > I am unable to change the permissions to user "nobody"
> without breaking some
> > of the functionality. I have elected to go with user "www"
> for all these
> > potential security risks and the "shared" group. Any comments?
>
> You don't say what permissions you want t
Justin Funke <[EMAIL PROTECTED]> said:
> Question 1 -
> I am unable to change the permissions to user "nobody" without breaking
> some of the functionality. I have elected to go with user "www" for all
> these potential security risks and the "shared" group. Any comments?
Really need more info
On Fri, 17 Aug 2001, Justin Funke wrote:
> Question 1 -
> I am unable to change the permissions to user "nobody" without breaking some
> of the functionality. I have elected to go with user "www" for all these
> potential security risks and the "shared" group. Any comments?
You don't say what p
Two questions?
I am trying to tighten up my buggy web applications on e-smith. (various
flavours of Php-Nuke, different scripts and add-ons etc.)
Question 1 -
I am unable to change the permissions to user "nobody" without breaking some
of the functionality. I have elected to go with user "www"
