Date:      Thu, 14 Nov 2002 07:32:23 -0600
From:      Eric Anderson <anderson@centtech.com>
To:        Kirk Bailey <idiot1@netzero.net>
Cc:        "security@FreeBSD.ORG" <security@freebsd.org>
Subject:   Re: list scripts, permissions, and ownerships.
Message-ID:  <3DD3A5E7.8020908@centtech.com>
References:  <Pine.LNX.4.44.0211140848220.9334-100000@serendipity.ksemat.co.ug> <3DD33DA6.55DB03A@netzero.net>

Kirk Bailey wrote:
> oops. I quote:
> 
>    7.Is the target user NOT superuser? 
> 
>        Presently, suEXEC does not allow 'root' to execute CGI/SSI 
>        programs. 
> 
> Alas, the file appears to be owned by root. Now what?


I'm assuming by "owned by root" you mean setuid bit is on and the 
ownership is root?  Just making a file owned by root doesn't make it run 
as root.  If you DID have the setuid bit on, and it IS root owned, you 
are in dangerous waters.  It's not really a great idea to have suid root 
programs running from a web site - all it takes is for you to miss one 
thing and the "evil hacker" has root access on your box, instead of just 
access as "nobody".

The nobody user should be able to read the aliases file just fine with 
no extra permissions.

Eric


-- 
------------------------------------------------------------------
Eric Anderson	   Systems Administrator      Centaur Technology
Beware the fury of a patient man.
------------------------------------------------------------------
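
The distinction drawn in the reply above (a file merely owned by root versus one that is root-owned with the setuid bit on), as an added example that is not part of the original message: a Python script that walks a directory such as a CGI tree and labels each file. The function names and category labels are assumptions chosen for illustration.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Classify one file from its st_mode and st_uid (labels are illustrative)."""
    if not stat.S_ISREG(mode):
        return "not-a-file"
    setuid = bool(mode & stat.S_ISUID)
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if setuid and executable and uid == 0:
        # setuid bit on AND root-owned: candidate to run with effective uid 0
        return "setuid-root"
    if setuid and executable:
        # setuid bit on, owned by a non-root user
        return "setuid-other"
    if uid == 0:
        # ownership alone does not change who the program runs as
        return "root-owned"
    return "plain"

def scan(top):
    """Return {path: label} for every file under top."""
    findings = {}
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report on a symlink itself, not its target
            findings[path] = classify(st.st_mode, st.st_uid)
    return findings

if __name__ == "__main__":
    # Usage: python3 this_script.py /path/to/cgi-bin
    top = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, kind in sorted(scan(top).items()):
        if kind.startswith("setuid"):
            print(f"{kind:13} {path}")
```

Only the `setuid-*` labels are printed; a `root-owned` file with no setuid bit still executes as whichever user the web server runs CGI programs as.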

