[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Dangerous cgi-script



On Thu, 10 Jul 1997, Paul J. Schinder wrote:

> On any Unix machine where the admin has half a clue, the web server is
> running chrooted and with a uid of "nobody" or equivalent.  There's a limit
> to the damage that can be done.  I don't have much interest in or
> experience with Mac webservers (I run NetPresenz on my Mac just for kicks),
> but I believe they also don't permit mucking around outside the folder in
> which they are placed (the equivalent of chroot), and are running as
> "Guest".
> 
> Not that I think that running a CGI that does arbitrary evals is a good
> idea (it's a terrible idea), but it's not like posting the root password ...

Of course CGIs don't run as root. I just meant that you can do a lot of
damage on a machine without being root. Sorry if my message was
ambiguous.

Nicolas

--
Nicolas Le Clerc
<mailto:nleclerc@pobox.com>
<finger:nleclerc@pobox.com>


***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch