no setuid for CGI scripts?
Chris Gonnerman
chris.gonnerman at newcenturycomputers.net
Thu Nov 8 08:45:14 EST 2001
Maybe I've missed something, but isn't this a problem
for the server administrators? Have you talked/emailed
him/her/them about this problem?
Otherwise, a C wrapper is the only choice. You can't
make it work any other way without the assistance of
someone with administrative privileges.
----- Original Message -----
From: "pawn" <NOSpawnPAM at lightspawn.org>
> My CGI scripts save information submitted by users in files, and later
> display this information inside HTML templates.
>
> It seems to me that either I find a way to let these scripts run with
> my UID, or, in order to let them read / write files in the data
> directory, I have to make it world-writable which means malicious
> users on the same system can delete files, as well as create files
> which were not processed by the CGI's policies.
>
> Is there something I'm missing here? *Can* I get by without setuid?
More information about the Python-list
mailing list