From: Jonathan S. <gel...@ge...> - 2002-02-14 21:01:05
On Thu, 14 Feb 2002, Wizard wrote:
>
> There really is no totally secure way of securing r/w files on a webserver,
> as the webserver UID is the one that needs to write to them, and this is the
> most likely UID target for exploits (but it has become more rare).

Ideally a shared webserver would have some kind of mechanism such as Apache's SuExec whereby each user's CGI programs get run under a separate UID in a relatively secure fashion. Unfortunately we cannot expect that of our constituency :(

Whilst a lot of the files do need to be readable *and* writeable (Guestbook, FFA) - for a certain number of them I think that we could sysopen them for writing but with a mode of 0400

/J\
--
Jonathan Stowe | <http://www.gellyfish.com> | This space for rent
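
The sysopen-with-mode-0400 idea from the message above, as an added example that is not part of the original post or the project's code. It assumes a POSIX filesystem and a non-root UID; the scratch directory, file name and record are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Constructed scratch directory and file name, for illustration only.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/entry.dat";

# Create the file owner-read-only. O_EXCL makes the call fail if the
# path already exists, so a pre-planted file or symlink is not reused.
sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0400)
    or die "cannot create $path: $!";

# The mode governs later opens, not this descriptor: the handle
# returned by the creating call is still writable.
print {$fh} "constructed sample record\n" or die "write failed: $!";
close($fh) or die "close failed: $!";

# Permissions on disk are 0400 masked by the process umask.
my $mode = (stat $path)[2] & 07777;
printf "mode on disk: %04o\n", $mode;

# A second open for writing is refused for a non-root UID (EACCES).
# root bypasses the permission check, so run this unprivileged.
if (open(my $again, '>>', $path)) {
    close $again;
    print "reopen for append: allowed (running as root?)\n";
} else {
    print "reopen for append: refused ($!)\n";
}

# Reading remains possible for the owner.
open(my $in, '<', $path) or die "cannot read $path: $!";
print "contents: ", scalar <$in>;
close $in;
```

The owning UID can still chmod the file back to writable, so this limits rewrites through the ordinary open path rather than stopping code that already runs as that UID.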