Re: [cobalt-users] URGENT: Security hole in CgiWrap ?



> I can't be sure of this (I'm sure someone will correct if I'm wrong) but
> cgi-wrapper forces the CGI to be run with the permissions of the file in
> question (in this case it's owned by 'manitu' correct?) and without
> cgi-wrapper it runs as the same user as the entire webserver itself -
> httpd.

Hmmm. To be honest, I don't know much about cgi wrapper. But if what you
are saying is true, doesn't this open more ways for hackers to come into
your server if your clients are using insecure scripts? Perhaps they don't
know about that and run their scripts as site admins who have some more
rights than simple users.

Anybody from Cobalt in this list who has details about this?

Manuel