Re: [cobalt-users] UID of script userid less than configured minimum
- Subject: Re: [cobalt-users] UID of script userid less than configured minimum
- From: Chris Adams <cmadams@xxxxxxxxxx>
- Date: Mon, 29 Nov 1999 22:33:10 -0600
Once upon a time, Provincetown Design Group <pdg@xxxxxxxxxxxxxxxx> said:
> > I would consider
> > any names generated by the command cut -d":" -f1 /etc/passwd to be
> >reserved words until a new cgi-wrapper is tested and available.
>
>
> Gulp... This is a rather far-reaching bug!! If I'm digesting the
> situation correctly, it seems that whatever I name the directories
> that contain my cgi scripts, all one of my domain clients has to do
> is create a user with the same name (maliciously or accidentally) and
> all my scripts come to a screeching halt!!!
It is actually worse than that. That's why I've installed the updated
cgiwrap RPM on all of my RaQ2 servers, even though I have some angry
site admins that have scripts broken because the update broke PATH_INFO.
I'd rather have some sites that don't work (and some angry users) than a
bad security problem.
Although, I'd really like to not have to make that choice (hint hint
Cobalt)! :-)
--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.