You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1995/11/17 20:40:54 UTC

SCO C2 security+inetd showstopper

As I was wandering through some code today, a terrible thought dawned upon me,
which is that SCO in high security mode has a very nasty gotcha under inetd;
you can't change user until you have worked some magic with the security
system. Depending on what Apache does with failed setuid (or whatever) this
is either a massive security hole or a showstopper.

I'll submit a patch over the weekend.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.