From owner-freebsd-questions@FreeBSD.ORG Mon May 3 10:31:52 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDBF316A4CF for ; Mon, 3 May 2004 10:31:52 -0700 (PDT) Received: from mail03.talkactive.net (mail03.talkactive.net [81.19.252.192]) by mx1.FreeBSD.org (Postfix) with SMTP id AC63143D48 for ; Mon, 3 May 2004 10:31:51 -0700 (PDT) (envelope-from mikkel@talkactive.net) Received: (qmail 2922 invoked from network); 3 May 2004 17:31:45 -0000 Received: from unknown (HELO ?10.0.0.2?) (212.242.170.199) by mail03.talkactive.net with SMTP; 3 May 2004 17:30:45 -0000 From: Mikkel Christensen Organization: Talk|Active To: freebsd-questions@freebsd.org Date: Mon, 3 May 2004 17:30:49 +0000 User-Agent: KMail/1.6.1 References: <200404262126.36157.mikkel@talkactive.net> <20040503053729.GC23559@isite.net> <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com> In-Reply-To: <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200405031730.49185.mikkel@talkactive.net> Subject: Re: Suexec with Apache 1.3.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 May 2004 17:31:52 -0000 On Monday 03 May 2004 16:42, Marty Landman wrote: > At 01:37 AM 5/3/2004, Joe Rhett wrote: > >On Thu, Apr 29, 2004 at 02:20:14PM -0400, Marty Landman wrote: > > > On the side, this makes me wonder what the philosophy is on Windows > > servers > > > where the whole permissions concept is nonexistent afaik. > > > >Because suexec isn't really possible in that environment, so they have no > >options at all. > > Maybe this is a foolish question, but how can reasonable security on a > server running Windows/Apache be achieved? If the answer is what I fear, do > you think that the 'native' MS server, IIS can be configured more securely > than Apache? There are other tools than suexec under IIS. I'm no fan of windows, but really it isn't completely fucked up. > > Looking at it in another way, is it possible to have a secure, network > accessible server of any type w/o the Unix style permissions concept in place? > I can't tell exacely how it works but is is possible to configure IIS securely. Being able to break security because of poorly programmed software is different part of the story. The system does have permissions otherwise it would be quite useless. And IMO the permissions on windows are not that different from unix. Maybe a bit more complicated because everything is running through GUI but it's there. - Mikkel