Antoine Pitrou wrote:
Well, if I can create a setuid apache shell, I can probably su as root or apache as well. ("su -c rm -r whatever")Or are you talking about a Web-based shell?
I'm just saying that if there is any way of running code of your choice as the apache user, you can get it to make a copy of /bin/sh and suid it. Of course, if you have permission to su apache, then this is not necessary. But then you wouldn't have to go through web server contortions to fix apache-generated botchups either. -- Greg _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
