Date: Wed, 1 Apr 1998 23:16:01 +0800 (WST) From: Dean Hollister <dean@odyssey.apana.org.au> To: "Scot W. Hetzel" <hetzels@westbend.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: suexec error Message-ID: <Pine.BSF.3.96.980401231446.27259B-100000@odyssey.apana.org.au> In-Reply-To: <007701bd5d80$9506f4a0$c3e0d9cf@admin.westbend.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 Apr 1998, Scot W. Hetzel wrote: > This gets redefined to "public_html/cgi-bin" by the files/Makefile from the > apache-fp port. This way all cgi programs are in one directory instead of > being run from any directory under public_html. Yes, I know. However, even scripts in cgi-bin in the users directory runs as ROOT. That's a huge security risk - and bug. Regards, d. +-------------------------------------------------------+ | Dean Hollister, | dean@odyssey.apana.org.au | | Perth, Western Australia. | deanh@iinet.net.au | +-------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980401231446.27259B-100000>