[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Re: CGI Wrap Errors

Subject: Re: [cobalt-developers] Re: CGI Wrap Errors
From: "Kevin D" <kdlists@xxxxxxxxx>
Date: Fri May 26 07:19:58 2000

This entire thread is silly. I just purchased a Raq3i and created a few
users to test your "security" issues. I find that even as a web site admin,
I can't access users directories, or any sensitive system areas. The only
thing I can access are the public web directories, which (DUH) are PUBLIC,
and accessible by anyone, anywhere on the net.

For those of you who don't care for the cgi-wrap, you have obviously never
run an ISP unix public web server where your constant fear is a user
executing a script that issues a command like "rm -r" on the root directory.
Now, if you are the only developer for your raq, I can understand disabling
cgi-wrap (although I would still advise against it, as even a seasoned user
can bring down a system with bad code). But if you plan to use the device in
a public setting, turning cgi-wrap off is equivalent to giving all your
users the root password.

Why not put a cobalt raq on a public network? Mine seems perfectly secure,
as secure as any other linux/unix based system out there.

Kevin

----- Original Message -----
From: <corliss@xxxxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Thursday, May 25, 2000 12:52 PM
Subject: Re: [cobalt-developers] Re: CGI Wrap Errors

> On Thu, 25 May 2000, Will DeHaan wrote:
>
> > RaQs have tiered administrative access based on common groups, "Site
> > administrators" we call them.  Many ISPs really like this style of
> > access that can't exist with your <G>-so-simple permissions plan.  I
> > understand that you don't care about this functionality.
>
> Perhaps they do or don't like them, the point remains that very little
attempt
> was made to try to tighten things down.  Even with your user model,
there's
> better ways to handle it if you just try, which it's obvious you didn't.
> These are all reasons why you couldn't pay me to put a Cobalt on a public
> network.  They're great for workgroup use in intranets, but I wouldn't
trust
> them any farther than that.
>
> > This thread is useless unless we're pursuing better permissions on
> > Cobalt boxes with the intention of preserving what it is that Cobalt
> > boxes do.
>
> Agreed, and that is exactly what started this whole thread--trying to find
> more secure configurations.  I've made my suggestions, if they don't work
the
> way you want, fine, ignore them.
>
> --Arthur Corliss
>   Programmer/Administrator
>   Gallant Technologies (http://www.gallanttech.com/)
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers

Follow-Ups:
- Re: [cobalt-developers] Re: CGI Wrap Errors
  - From: corliss

References:
- Re: [cobalt-developers] Re: CGI Wrap Errors
  - From: corliss

Prev by Date: [cobalt-developers] Planet Intra
Next by Date: Re: [cobalt-developers] 2.2.14 kernel
Previous by thread: Re: [cobalt-developers] Re: CGI Wrap Errors
Next by thread: Re: [cobalt-developers] Re: CGI Wrap Errors

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index