|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Olaf Bohlen (firefox
is.sun-powered.de)Date: Wed Aug 01 2001 - 15:21:37 CDT
Hi,
>This don't say whether the locate database is always owned by nobody or
>just temporary. (I am not at a slackware box.) I am just curious,
because
This is on my Slackware 8 box:
freyr:/var/spool/locate# ls -l locatedb
-rw-r--r-- 1 nobody nogroup 1664857 Aug 1 04:42 locatedb
And this remains as nobody/nogroup.
But: no user (except root) should be able to gain access to nobody. so
this is not a security hole imho.
Also if you run apache-cgi's as user, apache chowns to the owner of the
cgi before executing it:
-- snip --
#!/bin/sh
echo "Content-type: text/plain"
echo
echo -n "Running cgi as: "
id
echo "Running httpd as: "
ps -ef | grep httpd | head -1
-- snip --
reports when executed by apache:
Running cgi as: uid=4109(dackel) gid=80(www) groups=80(www)
Running httpd as:
www 24330 23441 0 00:42 ? 00:00:27
/usr/local/apache/bin/httpd -DSS
so, i don't see a problem here.
Cheers
-- -- Olaf Bohlen --------------------- cell +49-172-4561817 -- -- Maxfeldstrasse 16 --- mail <firefox
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]