From: Pavel Kankovsky (peakargo.troja.mff.cuni.cz)
Date: Fri Oct 26 2001 - 06:33:16 CDT

    On Wed, 24 Oct 2001, Stefanos Harhalakis wrote:

    > Suppose we have mingid==100 and a user with gid==0 which belongs to groups
    > 123,234,345. Suexec will not execute any script for this user.
    >
    > Now suppose we have the same user with gid==123 which belongs to groups
    > 0,234,345. Suexec will execute any cgi without problem. The running cgi will
    > be a member of all those groups.

    suexec does not check supplementary groups. It could do it but I do not
    think it is a serious problem--the motivation behind the checks is to
    avoid accidental invocation of CGI programs running under root or other
    special accounts.

    --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
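
The two cases from the quoted message, run through a primary-gid-only check and through a stricter check that also covers supplementary groups. This is an added example, not part of the original post and not suexec's code; the function names are hypothetical, and the group list is passed in by the caller rather than looked up from the system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Policy described in the thread: only the primary gid is compared
 * against the configured minimum. (Hypothetical name, not suexec's.) */
static bool primary_gid_allowed(gid_t primary, gid_t min_gid)
{
    return primary >= min_gid;
}

/* Stricter policy: reject if the primary gid OR any supplementary gid
 * is below the minimum. On rejection *offender gets the failing gid. */
static bool all_gids_allowed(gid_t primary, const gid_t *supp, size_t nsupp,
                             gid_t min_gid, gid_t *offender)
{
    if (primary < min_gid) {
        if (offender) *offender = primary;
        return false;
    }
    for (size_t i = 0; i < nsupp; i++) {
        if (supp[i] < min_gid) {
            if (offender) *offender = supp[i];
            return false;
        }
    }
    return true;
}

int main(void)
{
    const gid_t min_gid = 100;               /* mingid from the message */
    const gid_t case1_supp[] = {123, 234, 345};  /* primary gid 0   */
    const gid_t case2_supp[] = {0, 234, 345};    /* primary gid 123 */
    const struct { gid_t primary; const gid_t *supp; } cases[] = {
        {0, case1_supp}, {123, case2_supp},
    };

    for (size_t i = 0; i < 2; i++) {
        gid_t bad = 0;
        bool p = primary_gid_allowed(cases[i].primary, min_gid);
        bool a = all_gids_allowed(cases[i].primary, cases[i].supp, 3,
                                  min_gid, &bad);
        printf("primary gid %lu: primary-only=%s, all-groups=%s\n",
               (unsigned long)cases[i].primary,
               p ? "allow" : "deny", a ? "allow" : "deny");
    }
    return 0;
}
```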