On Sun, 21 Oct 2007 19:48:23 +1000, Sven Dowideit <[EMAIL PROTECTED]> wrote: > 777 is on the working/tmp dir only, which is not used for any web > content. Also, as the twiki cgi scripts are callable from the command > line by any user, requiring the working/tmp dir to be writable by any > user, I can't think of any way that this is fixable?
Longer term, how about improving the architecture by adding an API to twiki itself? As a twiki user, I have been longing desperately for something like that for a long time, and that would help solve this problem, too. > TWiki does have a very painful set of assumptions, which don't map > easily to debian To some extent, it would fix this as well, I guess. /* era */ PS. Some more secure CGI links for you: <http://tinyurl.com/37tbz5> (brian d foy's CGI Meta FAQ) and from there in particular Simson Garfinkel's <http://thinkunix.net/web/cgi-rules.txt> checklist. -- If this were a real .signature, it would suck less. Well, maybe not. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
