[cgiwrap-users] RE: cgiwrap & option --with-multiuser-cgi-dir=PATH

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Correct. That's why it is important to be very careful what you put in that
directory and why it isn't enabled by default. As long as you are careful to
only put scripts that you have hand verified to be secure in there, you
should be perfectly safe. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

> -----Original Message-----
> From: Gennadi Umanski [mailto:um...@ti...] 
> Sent: Wednesday, November 21, 2001 10:51 AM
> To: Neulinger, Nathan
> Subject: cgiwrap & option --with-multiuser-cgi-dir=PATH 
> 
> 
> Hi,
> 
> i have a question about cgiwrap and the option 
> "--with-multiuser-cgi-dir=PATH"
> 
> > --with-multiuser-cgi-dir=PATH 
> >  define a central cgi script directory that is searched if 
> the script is not found
> >  in a user directory. This can be used to make a single 
> script available 
> >  that will run as any user, however, this can be very 
> dangerous if you're not
> >  extremely careful designing your script. Do not enable 
> this unless you know 
> >  what you're 
> >  doing. It is not needed for normal usage.  
> 
> We want use a shared cgi-directory with a cetrain 
> cgi-scripts, that root
> installed. This cgi-script should run under user-id. We dont 
> need a execution of
> user-script placed in user-homes.
>   My question is: what are the dangers of such solution? 
> These common-scripts
> run with user permission and they may do the same what a "normal"
> user-home-script may do too, dont they?
> 
> TIA,
>   G.Umanski    
> 
> --
> +----------------------------------------------------------------+
> | Dipl.Inform.  G. Umanski       | Phone: +49 651 201 2840       | 
> | Dept. Computer Science         | Fax  : +49 651 201 3954       |
> | University of Trier / Germany  | Room : V214                   |
> |           http://www.informatik.uni-trier.de/~umanskij/        |
> +----------------------------------------------------------------+
> 