Theoretically, you could run Apache::ASP scripts
as a CGI program, which could then inherit the suexec
environment for execution, creating $Session such
as that suexec user.
Problem is that I have never gotten ASP to run as a full
CGI well. Check out the asp script in the distribution
cgi
On Fri, 14 Apr 2000, Ime Smits wrote:
| I also have ASP installed, and I'd like to be able to transparently suid
| the .asp scripts too. Do you know how I could go about doing this?
I think this is a general bad idea. The only purpose of running scripts via
a suexec or setuid mechanism I
Also, my system has cgiexec (does suid for CGI scripts) installed. The
cgiexec documentation says that once cgiexec is installed, it is a
security risk if people can execute code as "nobody" since that user has
special access to the cgiexec code. Right now, anyone can execute code as
nobody
| Also, my system has cgiexec (does suid for CGI scripts) installed. The
| cgiexec documentation says that once cgiexec is installed, it is a
| security risk if people can execute code as "nobody" since that user has
| special access to the cgiexec code. Right now, anyone can execute code as
|
On Mon, 17 Apr 2000, Ime Smits wrote:
| Also, my system has cgiexec (does suid for CGI scripts) installed. The
| cgiexec documentation says that once cgiexec is installed, it is a
| security risk if people can execute code as "nobody" since that user has
| special access to the cgiexec code.
| Huh? SuEXEC only works with mod_cgi (e.g. it requires the exec() part of
| it's name to get the Su part), it is not applicable to the persistant
| mod_perl world.
Ok, I must admit I mixed up referals to the concept (setuid()) and the
imlementation (suexec).
The point I was making was that
Hello,
I searched the egroups.com mod_perl archive for "cgiwrap" and didn't find
anything relevant to ASP.
I'm wondering if there's any documentation about how to use cgiwrap with
the ASP extension. Currently I have a modified version of cgiwrap
installed on my system such that all .cgi/.pl
| I also have ASP installed, and I'd like to be able to transparently suid
| the .asp scripts too. Do you know how I could go about doing this?
I think this is a general bad idea. The only purpose of running scripts via
a suexec or setuid mechanism I can think of is to stop different users
