From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 22 18:36:18 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 43ADA10656B7
	for <freebsd-questions@freebsd.org>;
	Fri, 22 Jan 2010 18:36:18 +0000 (UTC)
	(envelope-from mike@geofront.co.uk)
Received: from smtp-out2.blueyonder.co.uk (smtp-out2.blueyonder.co.uk
	[195.188.213.5])
	by mx1.freebsd.org (Postfix) with ESMTP id 035CB8FC1E
	for <freebsd-questions@freebsd.org>;
	Fri, 22 Jan 2010 18:36:17 +0000 (UTC)
Received: from [172.23.170.144] (helo=anti-virus03-07)
	by smtp-out2.blueyonder.co.uk with smtp (Exim 4.52)
	id 1NYOMh-0006aS-OR; Fri, 22 Jan 2010 18:36:15 +0000
Received: from [92.234.61.128] (helo=the-rubber-chicken-network.co.uk)
	by asmtp-out3.blueyonder.co.uk with esmtp (Exim 4.52)
	id 1NYOMh-0007Vh-8f; Fri, 22 Jan 2010 18:36:15 +0000
Received: from [192.168.0.6] (unknown [192.168.0.6])
	by the-rubber-chicken-network.co.uk (Postfix) with ESMTP id 3DAB2C667EF;
	Fri, 22 Jan 2010 18:37:20 +0000 (UTC)
Message-ID: <4B59F01A.5000803@geofront.co.uk>
Date: Fri, 22 Jan 2010 18:36:10 +0000
From: Mike Woods <mike@geofront.co.uk>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Nathan Vidican <nathan@vidican.com>
References: <4B59BC65.3040905@pixelhammer.com>	<4B59DD07.6020505@infracaninophile.co.uk>	<4B59E70B.4020108@pixelhammer.com>
	<795fc2b81001221005n2eb6cf5h454a6d2c20f4742c@mail.gmail.com>
In-Reply-To: <795fc2b81001221005n2eb6cf5h454a6d2c20f4742c@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: DAve <dave.list@pixelhammer.com>,
	User Questions <freebsd-questions@freebsd.org>
Subject: Re: Securing cgi scripts
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2010 18:36:18 -0000

Nathan Vidican wrote:
> Check out suExec, (assuming you're using Apache)...
> 
> Please see:  http://httpd.apache.org/docs/1.3/mod/core.html#user   and/or
> http://httpd.apache.org/docs/1.3/suexec.html
> 
> You can make an entire VirtualHost directive run as a different user/group.

A more up to date version :)

http://httpd.apache.org/docs/2.2/suexec.html

Also have a look at itk, http://mpm-itk.sesse.net/

------------------------
Mike Woods
Full of squishy cynicism