| Started by | Dennis Lee Bieber <wlfraed@ix.netcom.com> |
|---|---|
| First post | 2012-08-10 18:48 -0400 |
| Last post | 2012-08-11 08:59 +0200 |
| Articles | 2 — 2 participants |
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: Unable to execute the script Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-08-10 18:48 -0400
Re: Unable to execute the script Hans Mulder <hansmu@xs4all.nl> - 2012-08-11 08:59 +0200
| From | Dennis Lee Bieber <wlfraed@ix.netcom.com> |
|---|---|
| Date | 2012-08-10 18:48 -0400 |
| Subject | Re: Unable to execute the script |
| Message-ID | <mailman.3190.1344638923.4697.python-list@python.org> |
On Fri, 10 Aug 2012 12:35:06 -0700, Smaran Harihar
<smaran.harihar@gmail.com> declaimed the following in
gmane.comp.python.general:
> Hi Tim,
>
> this is the output for the ls -lsF filename
>
> 8 -rwxr-xr-x 1 root root 5227 Jul 30 13:54 iplantgeo_cgi.py*
>
<shudder>
A CGI script owned by root? What "user" does your web server run as
-- I'd recommend setting that user as the owner of the CGI script.
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
| From | Hans Mulder <hansmu@xs4all.nl> |
|---|---|
| Date | 2012-08-11 08:59 +0200 |
| Message-ID | <502602c0$0$6945$e4fe514c@news2.news.xs4all.nl> |
| In reply to | #26904 |
On 11/08/12 00:48:38, Dennis Lee Bieber wrote:
> On Fri, 10 Aug 2012 12:35:06 -0700, Smaran Harihar
> <smaran.harihar@gmail.com> declaimed the following in
> gmane.comp.python.general:
>
>> Hi Tim,
>>
>> this is the output for the ls -lsF filename
>>
>> 8 -rwxr-xr-x 1 root root 5227 Jul 30 13:54 iplantgeo_cgi.py*
>>
> <shudder>
>
> A CGI script owned by root?

Why not? It's not setuid, so being owned by root does not give it
any special privileges.

> What "user" does your web server run as?
> I'd recommend setting that user as the owner of the CGI script.

That's definitely a bad idea. More so if it's writeable by its owner,
as is the case here. It would mean that if a security hole allows
intruders to write to arbitrary files, then they can overwrite this
script and that would allow them to execute arbitrary code.

--
HansM
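The ownership question debated in this thread can be checked from a script's stat() data. The following is an added example, not code from any poster in the thread: it reports whether the web server account could modify a CGI script, given that account's uid and gids. The names `can_write`, `audit_cgi`, `demo` and the sample file name are hypothetical, and it assumes plain mode bits (no ACLs) and a non-root server account.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """POSIX class check: owner bits if uid owns it, else group, else other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_cgi(path, server_uid, server_gids=()):
    """Return findings for one CGI script, given the web server's uid/gids.

    Assumption: plain mode bits only (no ACLs), server account is not root.
    """
    st = os.stat(path)
    findings = []
    if st.st_mode & stat.S_ISUID:
        findings.append("setuid bit set")
    if st.st_uid == server_uid:
        # An owner can always chmod the file, so a missing w bit is no barrier.
        findings.append("owned by server user")
    if can_write(st, server_uid, server_gids):
        findings.append("script writable by server user")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if can_write(parent, server_uid, server_gids):
        # Directory write access lets the script be replaced by unlink/rename
        # (unless a sticky bit on the directory restricts that).
        findings.append("directory writable by server user")
    return findings

def demo():
    """Constructed sample: a 0755 script in a 0755 temp dir owned by the caller."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        script = os.path.join(d, "example_cgi.py")  # constructed file name
        with open(script, "w") as f:
            f.write("#!/usr/bin/env python\n")
        os.chmod(script, 0o755)
        me = os.getuid()
        other = me + 1  # hypothetical uid standing in for a separate account
        return audit_cgi(script, me), audit_cgi(script, other)

if __name__ == "__main__":
    as_owner, as_other = demo()
    print("server owns the script:", as_owner)
    print("server is a different user:", as_other)
```

An empty findings list corresponds to the `-rwxr-xr-x root root` case from the thread when the server runs as an unprivileged account that is not in group `root`.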