I got some random request today from someone asking how COMMA allows
public_cgi-bin scripts. httpd can run scripts in the ~user's filespace,
but when doing so runs as root (under some configurations). COMMA's
solution was to call a setuid(noone) wrapper before exec'ing the user's
script.
If you don't go to such elaborate ends, and you set up user scripting,
then you're doing something unsafe. Sooo, are we documenting 'unsafe
practice to be avoided' along with our other docs, or could this behaviour
even be considered a bug to be squashed in 0.6.2?
I dunno if there's a httpd-admin FAQ anywhere. Anyone seen one?
> rob
Ay.
public_cgi-bin scripts. httpd can run scripts in the ~user's filespace,
but when doing so runs as root (under some configurations). COMMA's
solution was to call a setuid(noone) wrapper before exec'ing the user's
script.
If you don't go to such elaborate ends, and you set up user scripting,
then you're doing something unsafe. Sooo, are we documenting 'unsafe
practice to be avoided' along with our other docs, or could this behaviour
even be considered a bug to be squashed in 0.6.2?
I dunno if there's a httpd-admin FAQ anywhere. Anyone seen one?
> rob
Ay.