You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1995/11/11 10:20:22 UTC

Re: WWW Form Bug Report: "cgi-bins executed as a random user id" on

> 
> > 
> > 
> > Is the use of "User" allowed in this way?
> > ..looks dubious to me.
> > 
> > 
> 
> No, but it would be really cool if it did....

To do this, Apache would have to do its listen/accept as root. This is
supposedly security risk, but since it can change user before reading anything
from the socket, it seems to me that the possibility of subversion is fairly
minimal.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk
A.L. Digital Ltd,
London, England.