LEE, Yui-wah (Clement) writes ("Re: A question on setting setuid bit"): > This is an experimental package that we built and > evaluate internally (up to this moment). The program > that needs setuid is a cgi-bin program that is invoked > by apache2, which runs as a regular user www-data. The > cgi-bin program however needs to interact with > iptables.
I see. > I know setuid programs are risky but I haven't got the > time to address the security risk yet (one thing at a > time ... :-) Can I plug my preprepared answer to this question ? `userv' can let you do this kind of thing very straightforwardly with a minimum of risk of writing all of the kinds of bugs that set-id involves. Ian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]