Date: Thu, 18 Oct 2001 10:52:53 -0700 (PDT) From: Gordon Tetlow <gordont@gnf.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Sheldon Hearn <sheldonh@starjuice.net>, Yarema <yds@dppl.com>, <arch@freebsd.org> Subject: Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned Message-ID: <Pine.LNX.4.33.0110181021380.1612-100000@smtp.gnf.org> In-Reply-To: <20011018170342.B64487@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Moved to -arch, where this rightfully belongs... On Thu, 18 Oct 2001, Andrey A. Chernov wrote: > On Thu, Oct 18, 2001 at 14:23:55 +0200, Sheldon Hearn wrote: > > > Specifically, one usually maps a foreign host's root to the local > > nobody. This means "foreign host's root has world-only permissions". > > And it not means that Apache allowed to read nobody files with 700 > permissions. I thought we already established that nobody owning files was a bad thing. Anything that creates files as nobody should be fixed. Apache doesn't create files as nobody (although cgi's execed as it might, but that's the cgi's fault, not Apache's), > > This is sounding worse and worse to me. Could you maybe provide an > > example that demonstrates the danger you're trying to protect against? > > See one above. And not forget about NIS, which use nobody in special way > too. Refresh my memory as to why nobody is special in NIS land? -gordon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0110181021380.1612-100000>