Date: Thu, 29 Apr 2004 15:30:36 +0100 From: Dick Davies <rasputnik@hellooperator.net> To: Marty Landman <MLandman@face2interface.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Suexec with Apache 1.3.29 Message-ID: <20040429143036.GC21785@lb.tenfour> In-Reply-To: <6.0.0.22.0.20040429101444.0e68a6a0@pop.face2interface.com> References: <200404262126.36157.mikkel@talkactive.net> <200404291058.44766.mikkel@talkactive.net> <409109D6.2090504@circlesquared.com> <200404291406.58150.mikkel@talkactive.net> <6.0.0.22.0.20040429101444.0e68a6a0@pop.face2interface.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Marty Landman <MLandman@face2interface.com> [0423 15:23]: > > With suexec running, a cgi gets set to 744 or 700 instead of 755; a data > file e.g. log or count file gets 644 or 600 instead of 666. It's amazing to > me that more vandalism and cross site scripting doesn't occur given the > servers that still don't run suexec, or the users that aren't hip to using > it properly for setting permissions when the server does support it. suexec is a pig to configure, complex and poorly documented. I think that's at least partly why the world runs away from CGI and towards stuff like JSP/PHP.... -- Reality is for people who lack imagination. Rasputin :: Jack of All Trades - Master of Nuns
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040429143036.GC21785>