Y
Hacker News
new
|
ask
|
show
|
jobs
by
tedunangst
2637 days ago
Probably most people. Who uses setuid CGI scripts?
1 comments
yrro
2637 days ago
You can't really have a setuid "script" anyway. But you can, at the bare minimum, launch CGI scripts via suEXEC. This prevents them from being able to attack the httpd worker processes, since they won't be running as the same user.
link