On Thu, 10 Jul 1997, Paul J. Schinder wrote: > On any Unix machine where the admin has half a clue, the web server is > running chrooted and with a uid of "nobody" or equivalent. There's a limit > to the damage that can be done. I don't have much interest in or > experience with Mac webservers (I run NetPresenz on my Mac just for kicks), > but I believe they also don't permit mucking around outside the folder in > which they are placed (the equivalent of chroot), and are running as > "Guest". > > Not that I think that running a CGI that does arbitrary evals is a good > idea (it's a terrible idea), but it's not like posting the root password ... Of course CGIs don't run as root. I just meant that you can do a lot of damage on a machine without being root. Sorry if my message was ambiguous. Nicolas -- Nicolas Le Clerc <mailto:nleclerc@pobox.com> <finger:nleclerc@pobox.com> ***** Want to unsubscribe from this list? ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch