[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] php3 and security

Subject: [cobalt-developers] php3 and security
From: "Jose Luis Aguilar" <jlaguilar@xxxxxxx>
Date: Tue Jun 6 22:21:32 2000

Cobalt Developers,

I just installed php3 with mysql and imap support on a Raq3 and everything
seems to be working fine. Now my concern is about security. All .php3
scripts run under the web server UID "httpd". This is a security risk, since
a lot of files on the raq3 are owned by httpd.

Is there a way to use "cgiwrap" to run php3 scripts through it? or is there
any other way to run .php3 scripts with the owner's permissions?

Also, I remember Cobalt releasing an unofficial patch for the "httpd"
ownership security hole. I believe they changed the ownership of most files
to "nobody" instead of "httpd". Cobalt was supposed to release a official
patch for this issue, but it has been awhile now, and I have not seen it.
Where can I get the unofficial one?

I searched the archives for the cobalt lists, and I was unable to find
anything about this.

Thanks for your help,

Jose Aguilar

Prev by Date: [cobalt-developers] Internationalization
Next by Date: [cobalt-developers] Site Usage report
Previous by thread: [cobalt-developers] Internationalization
Next by thread: Re: [cobalt-developers] php3 and security

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index