From owner-freebsd-questions Thu Apr 2 11:28:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA17713 for freebsd-questions-outgoing; Thu, 2 Apr 1998 11:28:07 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from general1.consumersedge.com (mail.personalogic.com [208.213.67.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA17636 for ; Thu, 2 Apr 1998 11:27:43 -0800 (PST) (envelope-from dshanes@personalogic.com) Received: from SHANES by general1.consumersedge.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49) id H555BVJ4; Thu, 2 Apr 1998 11:28:02 -0800 Message-ID: <01ae01bd5e6c$df49da40$1d43a8c0@shanes.personalogic.com> From: "David Shanes" To: , "chas" Subject: Re: How can CGI script execute root commands or edit root-owned files ? Date: Thu, 2 Apr 1998 11:23:50 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG If you do, make sure that you execute chroot so that users do not have access to too much of your computer. David _____________________________________________________ David Shanes 7535 Metropolitan Drive dshanes@personalogic.com San Diego, CA 92108 Database Developer (619) 220-5800 x228 PersonaLogic, Inc. (619) 220-5899 (fax) http://www.PersonaLogic.com -----Original Message----- From: chas To: freebsd-questions@FreeBSD.ORG Date: Thursday, April 02, 1998 11:23 AM Subject: How can CGI script execute root commands or edit root-owned files ? >Since a CGI script is executed with Nobody's (the web >server's) privilegies, how it can run Administrator >commands like useradd ? > >One suggestion I've had was running the webserver >as root but this seems to be considered >not a good thing by and large. I was just looking >at updating user records and DNS records in such >a manner. > >Cheers, > >Chas > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message