1998-12-23-20:58:07 Paul D. Robertson:
> On a general purpose OS, a CGI bug generally means access to root if any
> damage can be done at all.
If that were true, then this would be a case of a ghastly system design, that
could indeed help from a bandaid applied in the OS. But it's not; a CGI bug
generally means a non-privileged account is compromised, together with
whatever access to files --- read and/or write --- it needs to function. An
admin can surely badly configure an http daemon to run CGIs as root, but
that's in violent disagreement with some pretty clear documentation:-). And an
admin could fail to adequately restrict permissions on a system --- but then,
they could do a poor job of configuring a trusted OS, too. Just that it costs
more $$$, and you have a more complex ball o' bits, with a trusted OS.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
