On 7/16/07, Carlos Eduardo Maiolino <maiolinux@xxxxxxxxx> wrote:
Sorry but, it's wrong. All users of the system need access in the /etc/passwd. I won't cgi-scripts list the /etc/passwd
There are some solutions that involve chrooting, SELinux, or similar restrictions layered on top of basic unix permissions. But you really hit the key point in "all users of the system need access ..." CGI scripts are simply programs run by your users. If you users can access /etc/passwd through the shell, then they can access it through CGI, and there is no real difference in security. So if someone already has a shell account, then there is really no extra security issue in them writing CGI scripts (under suexec) -- the risks are about the same. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|