Hello! > -----Original Message----- > From: Jens Gutzeit [mailto:[EMAIL PROTECTED] > Sent: 02 September 2003 18:44 > To: [email protected] > Subject: Re: execute application from webinterface > > > On Tuesday 02 September 2003 19:25, Jens Gutzeit wrote: > > > > what's wrong with making the program suid-to-some-other-user > (not root) > > > and then just executing it? I reallize this doesn't work for > ping, which > > > is suid-to-root anyway. > > > > Well, to be honest, I just have forgotten this option. > > Damn, I should think first and then hit send, sorry for making so > much noise. > > Anyway, with making the programm setuid anyone who has access to > the webserver > could execute this programm under a fixed userid. So this option > is a realy > bad idea if this is a customers webserver or s.th. similar. This > means, if > you're the only one who has access to the webserver, setuid is > probably one > of the best and easiest options, but if there are webs that are > administrated > by a different person you might end up with security problems > (think of the > setuid programm has a bug which allows to execute abitrary code). > > I would still sugest to setup a second webserver instance, and if > you need > port 80 use apaches mod_proxy.
I like the idea of a 2nd apache and the mod_proxy. But how do you install a 2nd httpd in debian? will i have to build it from source, or is there a trick with a apache package? Cheers, Mario > > Jens > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
