Date: Mon, 1 Oct 2001 16:13:45 +0200 From: Gabriel Ambuehl <gabriel_ambuehl@buz.ch> To: isp@freebsd.org Subject: setuid PHP Message-ID: <77591052428.20011001161345@buz.ch>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hello, I was searching for a way to run PHP setuid without having it as CGI script (cause that one lets the load on a server skyrocket which isn't really much of a surprise cause it needs to load some 5MB interpreter for each and every request for .php files) so I thought the only other solution would be to have an Apache, that setuid() to the owner of the file before PHP/CGI scripts are being run and so I found http://www.snert.com/Software/Become/ and while the author points out all of the obvious problems it creates, I'm now wondering whether this could be a solution to stop the users from being able to trash their neighbors news script that needs to be able to write to some data file which they thus have to make chmod 666. Any thoughts, feelings, comments? Best regards, Gabriel -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBO7hsDMZa2WpymlDxAQEn8gf/QYItVgYKd3ivQwvTVYtOh6naLXtpUbTU sdXvSPCU8/8ksrlOVZzS+bK1Mbbln2QqameI0d3x3ONRB3/9xLdHK0hd4w1ZxTAy tG8jZK/bSWExg3rprxi/mHWnpGwnF8t97njEKIiM9nrtFg9fGMXo8Hyh9ez31zAn LIQriwF4lZD8EmleiT3z2eq1atNJ2sCqTqWs2pEBSPsyETvv1E5CZmTHFF5jWDLK Uoz2kISzX0YjLtZBBzRIoCh7eGs4gWMjcBHARCDCg2wgOCjIfkO+RMtgrRdm6qtd 8c15bx8cfrSn4fL1qrAxgI+NTBpyPxT0/cR4PNb88rMNPWsDmOfNVA== =hBjO -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?77591052428.20011001161345>