Date: Thu, 3 Dec 1998 17:00:31 +0000 From: Ben Smithurst <ben@scientia.demon.co.uk> To: Roman Katsnelson <roman@atlas-design.net> Cc: "q's" <freebsd-questions@FreeBSD.ORG> Subject: Re: sniffer Message-ID: <19981203170031.A19682@scientia.demon.co.uk> In-Reply-To: <3665B2AC.505ECA28@atlas-design.net> References: <36657AD5.1F79504B@atlas-design.net> <19981202200327.C366@scientia.demon.co.uk> <3665A44D.C8DDB6A@atlas-design.net> <19981202204128.A1283@scientia.demon.co.uk> <3665B2AC.505ECA28@atlas-design.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Roman Katsnelson wrote:
> Reasons exist for us to have it running over web; with a CGI shell
> script running it. Which httpd doesn't run as root; which means I'd need
> to setuid it. I can see it being a slight privacy nuisance but would it
> be a real security hazard?
If the machine is only a web server, and the CGI script is careful with
what it sniffs, it might not be too bad.
If however you have normal users, I wouldn't want those running it.
You could also make it mode 4550, with the group as whichever group your
web server runs as ("www" for example), this would prevent normal users
running it.
--
Ben Smithurst
ben@scientia.demon.co.uk
send a blank message to ben+pgp@scientia.demon.co.uk for PGP key
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981203170031.A19682>