[Speedycgi-users] Re: [speedycgi] speedy as setuid
From: Sam H. <sa...@da...> - 2002-06-15 05:29:11
Why not just use suexec/cgiwrap with regular speedy?

> I think the principle of this idea is a good one.
>
> However, for the implementation, I would urge that lessons learned from
> cgiwrap and suexec on Apache be integrated in terms of what setup options
> there are to make them orthogonal to existing packages that seek to deal
> with suid issues and script security.
>
> At 07:56 PM 7/17/2001 +0100, an...@ic... wrote:
> >Hi Sam
> >
> >I am using speedy on my web service provider's system and would like
> >to tighten up the security of my web scripts.
> >
> >I have my own installation of speedy that runs setuid to my user id.
> >This allows my scripts to access my files without making them world
> >writable, but it also means that other users on the system could also
> >access my files by running their scripts from my copy of speedy.
> >
> >I wondered whether it might be possible to change the behaviour of
> >speedy such that if the speedy executable is setuid to a user other
> >than root then the frontend will refuse to execute any script that is
> >(i) not owned by the owner of the speedy executable, or (ii) has the
> >same owner but is world- or group-writable. This behaviour could of
> >course be a compile-time option.
> >
> >What do you think of the idea?
> >
> >Regards
> >Andrew
> >--
> >Andrew Ford, Director Ford & Mason Ltd Tel: +44 1531 829900
> >A....@fo... South Wing, Compton House Fax: +44 1531 829901
> >http://ford-mason.co.uk Compton Green, Redmarley Mobile: +44 7785 258278
> >http://pauntley-press.co.uk Gloucester, GL19 3JB
> >http://refcards.com Great Britain
>
> __________________________________________________
> Gunther Birznieks (gun...@eX...)
> eXtropia - The Open Web Technology Company
> http://www.eXtropia.com/
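
The ownership and writability rules (i) and (ii) proposed in the quoted message, sketched in C as an added example; this is not SpeedyCGI code and not from anyone in this thread. All function and enum names are hypothetical, and it assumes the front end's effective UID is the owner of the setuid executable and that the caller applies the check only when that owner is not root.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names; not part of SpeedyCGI. */
enum script_verdict { SCRIPT_OK, SCRIPT_UNREADABLE, SCRIPT_NOT_REGULAR,
                      SCRIPT_WRONG_OWNER, SCRIPT_WRITABLE_BY_OTHERS };

/* Apply rules (i) and (ii) from the proposal to fstat() metadata. */
enum script_verdict check_script_stat(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode))
        return SCRIPT_NOT_REGULAR;
    if (st->st_uid != owner)                 /* (i) not owned by the owner */
        return SCRIPT_WRONG_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))   /* (ii) group- or world-writable */
        return SCRIPT_WRITABLE_BY_OTHERS;
    return SCRIPT_OK;
}

/* Open first, then check the descriptor, so the file that was checked is the
 * file that gets read. On SCRIPT_OK the caller reads the script from *fd_out
 * and never reopens the path. O_NONBLOCK keeps open() from hanging on a FIFO. */
enum script_verdict open_checked_script(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return SCRIPT_UNREADABLE;
    enum script_verdict v = (fstat(fd, &st) == 0) ? check_script_stat(&st, owner)
                                                  : SCRIPT_UNREADABLE;
    if (v != SCRIPT_OK) {
        close(fd);
        return v;
    }
    *fd_out = fd;
    return SCRIPT_OK;
}

int main(int argc, char **argv)
{
    int fd = -1;
    /* Assumption: in a setuid binary the effective UID is the executable's owner. */
    enum script_verdict v = open_checked_script(argc > 1 ? argv[1] : argv[0], geteuid(), &fd);
    printf("verdict=%d\n", (int)v);
    if (fd >= 0)
        close(fd);
    return v == SCRIPT_OK ? 0 : 1;
}
```

Checking the open descriptor with `fstat()` instead of calling `stat()` on the path closes the window in which the path could be swapped between the check and the read.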