Date: Thu, 18 Oct 2001 13:02:21 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: ports@freebsd.org, arch@freebsd.org
Subject: Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned
Message-ID: <27516.1003402941@axl.seasidesoftware.co.za>
In-Reply-To: Your message of "Thu, 18 Oct 2001 14:54:30 +0400." <20011018145428.B62250@nagual.pp.ru>

On Thu, 18 Oct 2001 14:54:30 +0400, "Andrey A. Chernov" wrote:

> This is not for this reason at all. This is because nobody user is NFS
> special and can't be used even for sandboxes without any writes.

It just seems weird to me that you haven't just left this area up to
things like the Apache SuExec project etc. CGI scripts are complex
beasts, and I wonder how much real security you gain with this
simplistic "solution".

I'm not saying you're making a mistake. I'm just nervous that this
hasn't been thought through very carefully and that you're just jumping
on the anti-nobody bandwagon. [1]

Ciao,
Sheldon.

[1] I think the anti-nobody bandwagon is headed in the right direction,
mind you.
