On Mon, 21 Feb 2000, Joe Block wrote:
> Robert Varga wrote: > > If there is an exploitable cgi, then there is web access to all of the > > owning user's files. If it is not run via the suEXEC mechanism, then the > > permissions are that of www-data, which are close to nothing. > > Without using suexec or cgiwrap, how do you keep each user's cgis from > mucking about with the other user's cgi datafiles? And I certainly > don't want one of my student users' cgis able to mess with my log files, > which are also owned by www-data That IS a case when it is needed, and must be set by the admin to use suexec. > > > If suEXEC is enabled, then a lot more requirements need to be met for > > running a cgi. This usually leads to a lot of users complaining about this > > and that is not working and why, when it runs on another similar machine? > > This is a good thing, IMO. Once students realize that it's their files > and quota that are going to be eaten up by runaway cgis, in my > experience they start paying more attention to what they're writing. > It is not only what they write, but what they set the permissions to, as well. I know, this is also what they should learn. But with exploitable setuid cgi-s, and one can never be sure that his code is unexploitable, not only his cgi datafiles, but all files can be accessed and modified as well. Robert Varga
