[ic] suid vs. suexec with limited cgi-bin contents

John Young interchange-users@interchange.redhat.com
Tue Mar 5 17:55:00 2002


What is considered better from a security standpoint (yeah,
I know there are a lot of variables even in this comparison):

A) vlink as the only file in cgi-bin, suid, owned by the
   interchange user, and a-w on it and the cgi-bin directory.

-or-

B) same as above, but apache with suexec, and no suid on vlink.


Thanks,
John Young