On Fri, 11 Jun 1999, Arjan van de Ven wrote:
>
> kHTTPd adds rule 4:
>
> 4. If the file is executable or non-world-readable
This is a good idea, but do you really want to punt just becouse someone
goofed on the permissions of the file? This could cause
hard-to-diagnose changes in behavior if there are any bugs ot
inconsistancy between the khttpd and userspace httpd, and from a security
point of view, the worst that would happen is that your cgi would be
downloaded rather then executed (messy, but is it really that much of a
security risk?)
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBN2FZ5D7msCGEppcbAQGDRggAmnT2IrzB3KPs1XCyAcOlYpAQFdsbzZOh
Ho7RNcWKeRiFXRO+p/qyZ1np1/HVAQfnbIBHmxnHqg/q+MKZQbEg+ADXYXfzCHXA
q+mjCpMFAqa91q7ATUMynEg5yNBT24MAWWWyOl3bkWSgKCJEcHhS0K8xANyytoZc
Q2u2odiTZ23IovpS7wdzlQkIDjrydNcnzP+VT/45eTCAw/fsVp2xA2RQ13dSt99c
8Cjkyx1FGqiC8pBWnL3YtWInHiXxR8EuEsoxsmnCFmm6Q75njKGzAvdvX9PhRW4K
ozczvzwQTVwAK0fdBxF6oFrxCelW4kmxiCua9LZn83aiASCcsopkrg==
=Euc8
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/