[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] [ 100181 ] Can CGI scripts run other than as nobody
From: |
nobody |
Subject: |
[Savannah-hackers] [ 100181 ] Can CGI scripts run other than as nobody |
Date: |
Wed, 07 Nov 2001 04:31:01 -0500 |
Support Request #100181, was updated on 2001-Nov-07 04:31
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100181&group_id=11
Category: Web
Status: Open
Priority: 5
Summary: Can CGI scripts run other than as nobody
By: joachim
Date: 2001-Nov-07 04:31
Message:
Logged In: NO
Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)
Hi all,
I'd like to move a GPL project to your site. The
project has a CGI interface that requires write access
to its data on the WWW server. If the CGI scripts run
as user "nobody", this opens up a vulnerability since
the data must be made world-writable (or writable
by "nobody" which amounts to the same thing in an
environment with many unknown webmasters).
For this reason, it's essential that the scripts be
run as some user other than "nobody", one of the
project developers or admins would probably be best.
The question is: is this possible?
I found no way to get this to run on SourceForge, so I
haven't got my hopes too high up, but it would be nice
to have a confirmation either way.
Regards,
Joachim
----------------------------------------------------------------------
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100181&group_id=11
- [Savannah-hackers] [ 100181 ] Can CGI scripts run other than as nobody,
nobody <=