On Tuesday 02 September 2003 19:25, Jens Gutzeit wrote:

> > what's wrong with making the program suid-to-some-other-user (not root)
> > and then just executing it? I realize this doesn't work for ping, which
> > is suid-to-root anyway.
>
> Well, to be honest, I just have forgotten this option.

Damn, I should think first and then hit send, sorry for making so much noise.

Anyway, by making the program setuid, anyone who has access to the webserver 
could execute this program under a fixed userid. So this option is a really 
bad idea if this is a customer's webserver or something similar. This means, if 
you're the only one who has access to the webserver, setuid is probably one 
of the best and easiest options, but if there are webs that are administrated 
by a different person you might end up with security problems (think of the 
setuid program having a bug which allows executing arbitrary code).

I would still suggest setting up a second webserver instance, and if you need 
port 80 use Apache's mod_proxy.

Jens
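
The exposure described in this message, as an added example that is not part of the original post: a Python check of which setuid programs the web server account can execute, and under whose uid they would then run. The uid/gid 33 and the scanned path are assumptions; ACLs, `nosuid` mounts and directory permissions are not considered.

```python
import os
import stat

def can_execute(mode, file_uid, file_gid, uid, gids):
    """Classic Unix execute check: owner, then group, then other."""
    if uid == 0:
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def setuid_exposure(mode, file_uid, file_gid, web_uid, web_gids):
    """Return the uid the web server account would run as, or None."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return None  # not a setuid regular file
    if file_uid == web_uid:
        return None  # setuid to the same account changes nothing
    if not can_execute(mode, file_uid, file_gid, web_uid, web_gids):
        return None  # e.g. mode 4750 and the web account is not in the group
    return file_uid

def audit(root, web_uid, web_gids):
    """Walk root and list (path, gained_uid, permissions) for exposed files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            gained = setuid_exposure(st.st_mode, st.st_uid, st.st_gid,
                                     web_uid, web_gids)
            if gained is not None:
                findings.append((path, gained, stat.filemode(st.st_mode)))
    return findings

if __name__ == "__main__":
    # Assumed values: uid/gid 33 for the web server account, /usr/local/bin to scan.
    for path, gained, perms in audit("/usr/local/bin", 33, {33}):
        print(f"{perms} {path}: web server account can run this as uid {gained}")
```

Every site served by the same web server account shares each finding, which is the shared-hosting case the message warns about.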

