[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Dangerous cgi-script

To: mac-perl@iis.ee.ethz.ch
Subject: Re: [MacPerl] Dangerous cgi-script
From: Nicolas Le Clerc <nleclerc@pobox.com>
Date: Thu, 10 Jul 1997 22:43:52 +0000 (UTC)
In-Reply-To: <v03110702afeb0f3e1676@pjstoaster>

On Thu, 10 Jul 1997, Paul J. Schinder wrote:

> On any Unix machine where the admin has half a clue, the web server is
> running chrooted and with a uid of "nobody" or equivalent.  There's a limit
> to the damage that can be done.  I don't have much interest in or
> experience with Mac webservers (I run NetPresenz on my Mac just for kicks),
> but I believe they also don't permit mucking around outside the folder in
> which they are placed (the equivalent of chroot), and are running as
> "Guest".
> 
> Not that I think that running a CGI that does arbitrary evals is a good
> idea (it's a terrible idea), but it's not like posting the root password ...

Of course CGIs don't run as root. I just meant that you can do a lot of
damage on a machine without being root. Sorry if my message was
ambiguous.

Nicolas

--
Nicolas Le Clerc
<mailto:nleclerc@pobox.com>
<finger:nleclerc@pobox.com>


***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch

References:
- Re: [MacPerl] Dangerous cgi-script
  - From: "Paul J. Schinder" <schinder@pjstoaster.pg.md.us>

Prev by Date: Re: [MacPerl] Dangerous cgi-script
Next by Date: Re: [MacPerl] Dangerous cgi-script
Prev by thread: Re: [MacPerl] Dangerous cgi-script
Next by thread: Re: [MacPerl] Dangerous cgi-script
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net