On Fri, 10 Aug 2012 12:35:06 -0700, Smaran Harihar
<smaran.harihar@gmail.com> declaimed the following in
gmane.comp.python.general:

> Hi Tim,
>
> this is the output for the ls -lsF filename
>
> 8 -rwxr-xr-x 1 root root 5227 Jul 30 13:54 iplantgeo_cgi.py*
>

<shudder>

A CGI script owned by root?

What "user" does your web server run as -- I'd recommend setting that
user as the owner of the CGI script.

--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
On 11/08/12 00:48:38, Dennis Lee Bieber wrote:
> On Fri, 10 Aug 2012 12:35:06 -0700, Smaran Harihar
> <smaran.harihar@gmail.com> declaimed the following in
> gmane.comp.python.general:
>
>> Hi Tim,
>>
>> this is the output for the ls -lsF filename
>>
>> 8 -rwxr-xr-x 1 root root 5227 Jul 30 13:54 iplantgeo_cgi.py*
>>
> <shudder>
>
> A CGI script owned by root?

Why not? It's not setuid, so being owned by root does not give it
any special privileges.

> What "user" does your web server run as?
> I'd recommend setting that user as the owner of the CGI script.

That's definitely a bad idea. More so if it's writeable by its
owner, as is the case here. It would mean that if a security hole
allows intruders to write to arbitrary files, then they can overwrite
this script and that would allow them to execute arbitrary code.

-- HansM
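
The ownership argument in the reply above, written as a check (an added example, not part of the original thread): it classifies a script's stat values against the account the web server runs as. The function names and uid/gid 33 for the server account are assumptions chosen for illustration.

```python
import os
import stat


def audit_cgi_mode(mode, owner_uid, owner_gid, server_uid, server_gids):
    """Return findings for a script's stat values, judged against the
    uid and group ids of the web server account (hypothetical helper)."""
    findings = []
    # Only a setuid/setgid bit makes the owner's identity confer privilege.
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    # Unix picks exactly one permission class: owner, else group, else other.
    if server_uid == 0:
        writable = True  # root bypasses the write permission bits
    elif server_uid == owner_uid:
        writable = bool(mode & stat.S_IWUSR)
    elif owner_gid in server_gids:
        writable = bool(mode & stat.S_IWGRP)
    else:
        writable = bool(mode & stat.S_IWOTH)
    if writable:
        findings.append("writable-by-server")
    # An owner can chmod the file, so a read-only mode is no protection
    # when the server account itself owns the script.
    if server_uid == owner_uid:
        findings.append("owned-by-server")
    return findings


def audit_cgi_file(path, server_uid, server_gids):
    """Apply audit_cgi_mode to a file on disk."""
    st = os.stat(path)
    return audit_cgi_mode(st.st_mode, st.st_uid, st.st_gid,
                          server_uid, server_gids)


if __name__ == "__main__":
    # Constructed sample values; 33 stands in for the web server account.
    # -rwxr-xr-x root root, as in the listing from the thread:
    print(audit_cgi_mode(0o100755, 0, 0, 33, {33}))
    # The same mode after chown to the server account:
    print(audit_cgi_mode(0o100755, 33, 33, 33, {33}))
```
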