From owner-freebsd-isp Mon Oct 1 7: 9:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id E2BF637B410 for ; Mon, 1 Oct 2001 07:09:27 -0700 (PDT) Received: (qmail 13411 invoked from network); 1 Oct 2001 14:09:26 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 1 Oct 2001 14:09:26 -0000 Date: Mon, 1 Oct 2001 16:13:45 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <77591052428.20011001161345@buz.ch> To: isp@freebsd.org Subject: setuid PHP MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello, I was searching for a way to run PHP setuid without having it as CGI script (cause that one lets the load on a server skyrocket which isn't really much of a surprise cause it needs to load some 5MB interpreter for each and every request for .php files) so I thought the only other solution would be to have an Apache, that setuid() to the owner of the file before PHP/CGI scripts are being run and so I found http://www.snert.com/Software/Become/ and while the author points out all of the obvious problems it creates, I'm now wondering whether this could be a solution to stop the users from being able to trash their neighbors news script that needs to be able to write to some data file which they thus have to make chmod 666. Any thoughts, feelings, comments? Best regards, Gabriel -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBO7hsDMZa2WpymlDxAQEn8gf/QYItVgYKd3ivQwvTVYtOh6naLXtpUbTU sdXvSPCU8/8ksrlOVZzS+bK1Mbbln2QqameI0d3x3ONRB3/9xLdHK0hd4w1ZxTAy tG8jZK/bSWExg3rprxi/mHWnpGwnF8t97njEKIiM9nrtFg9fGMXo8Hyh9ez31zAn LIQriwF4lZD8EmleiT3z2eq1atNJ2sCqTqWs2pEBSPsyETvv1E5CZmTHFF5jWDLK Uoz2kISzX0YjLtZBBzRIoCh7eGs4gWMjcBHARCDCg2wgOCjIfkO+RMtgrRdm6qtd 8c15bx8cfrSn4fL1qrAxgI+NTBpyPxT0/cR4PNb88rMNPWsDmOfNVA== =hBjO -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message