>At 10:55 PM -0500 1/16/02, Ben Parker wrote: >>If you manage to install Webware from FTP or SCP access only, you can always >>use popen() from within a servlet to execute any command as if you were in a >>shell. > >That's interesting as I would have thought (and hoped) that you would >at least have to figure out a way to change to a privileged user id >before you could start issuing system commands. Don't servlets run as >user Nobody just like cgi? > >> So you could have a servlet handled by OneShot that starts up the >>persistent application server. > >There's another issue tho- most virtual hosts use procwatch (or >something like it) to kill off long running processes that aren't >authorized. If python isn't on the list, the app server will go down >in about 20 seconds.
Good call, both of those may be a problem. I've been working with my own server for a while so I assumed that the CGI would be configured to run as the user on the box, but not all shared-server providers do that. I also assumed that this user was allowed to run long processes, but just didn't have access. Either way it's a bad situation! >In any case, I can't see trying to do anything serious with webware >or much else for that matter if you don't have shell access. It's >aggravating enough to not have root privileges. Hear, hear! Switch providers! _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
