Mailinglist Archive: opensuse (3491 mails)
| < Previous | Next > |
Suexec and User's CGI-bin
- From: etbonick@xxxxxxxxxxxxxxxxxxx
- Date: Tue, 1 Jul 2003 04:30:47 -0500
- Message-id: <1057051847.3f0154c79af0c@xxxxxxxxxxxxxxxxxxxxxxx>
I recently tried to install ipaudit-web on my suse 8.2 box. I ran into a problem
with apache and apache2. IPAudit has cgi scripts that is runs form its
public_html directory. It is created as a regular user. The susexec package to
my knowledge is supposed to execute the users cgi scripts as the owner of the
bin. IN apache and apache2 they are all run as wwwrun. Is this a vulerability?
Is there any way to fix this?
with apache and apache2. IPAudit has cgi scripts that is runs form its
public_html directory. It is created as a regular user. The susexec package to
my knowledge is supposed to execute the users cgi scripts as the owner of the
bin. IN apache and apache2 they are all run as wwwrun. Is this a vulerability?
Is there any way to fix this?
| < Previous | Next > |