SPUG: Re: setuid & CGI security (was: site clutter)

Ken Clarke kenslinux at home.com
Tue Jun 26 00:45:30 CDT 2001


----- Original Message -----
From: "Jason Lamport" <jason at strangelight.com>
To: <spug-list at pm.org>
Sent: June 25, 2001 9:54 PM
Subject: SPUG: setuid & CGI security (was: site clutter)


> If a script runs as "nobody," then in order to have my script
> read from a file (such as a password file, for example) I have to
> make that file world-readable; and if the script needs to write to a
> file, then I need to make that file world-writable.  These are Bad
> Things.

I tried to explain this very thing to a tech support guy recently, but he
just got mad at me, saying "Having a world writable setting on the directory
is perfectly fine, you needn't worry about system attacks with that setting
on this server.  There should not be any further discussion of this topic."
He probably got mad because I asked him to ask a sys admin before allowing me
to do this.  Guess he WAS the sys admin!

# Ken Clarke
# Web Programmer / E-commerce Technologist


