[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] CGI and root

Subject: [cobalt-security] CGI and root
From: "John Parris" <jparris@xxxxxxxxxxxxxx>
Date: Fri, 30 Jun 2000 00:16:26 -0400

I have a customer that needed a program called Pennywize installed. Part of
the installation 'requires' the following line in the httpd.conf:

CustomLog "| /home/sites/siteXX/web/cgi-bin/pennywize.cgi"
"%h|%u|%s|customer"



I've noticed that this causes the pennywize.cgi file to run as root. My
question is, is there a way to make the CGI run as the admin user of the
site, as nobody, or using cgiwrap? Having a CGI run as root is making me
nervous.

Someone please respond and please copy me at jparris@xxxxxxxxxxxxxx as it
gets hard to keep track of all the messages coming into this mailing list.


Thanks
John

Follow-Ups:
- [cobalt-security] Re: [cobalt-users] CGI and root
  - From: flash22

Prev by Date: Re: [cobalt-security] Re: Raq3 hacked (was:Support for Cobalt Products)
Next by Date: [cobalt-security] Re: [cobalt-users] CGI and root
Previous by thread: [cobalt-security] Cobalt RaQ permission scheme - security? PHP3?
Next by thread: [cobalt-security] Re: [cobalt-users] CGI and root

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index