From: Alex Martelli Date: Sun, 9 Nov 2003 16:31:18 +0000 (+0000) Subject: Avoid giving advice that's bad for security, as per SF bug #823515 X-Git-Tag: v2.4a1~1310 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=50324a604c3f3c83fcbc4eb6a4783b26a0bcb5a6;p=thirdparty%2FPython%2Fcpython.git Avoid giving advice that's bad for security, as per SF bug #823515 (same as commit of Sun Nov 2 to the release23-maint branch) --- diff --git a/Doc/lib/libcgi.tex b/Doc/lib/libcgi.tex index 055f66cafa21..add322d584f5 100644 --- a/Doc/lib/libcgi.tex +++ b/Doc/lib/libcgi.tex @@ -598,7 +598,9 @@ Usually, this means using absolute path names --- \envvar{PATH} is usually not set to a very useful value in a CGI script. \item When reading or writing external files, make sure they can be read -or written by every user on the system. +or written by the userid under which your CGI script will be running: +this is typically the userid under which the web server is running, or some +explicitly specified userid for a web server's \samp{suexec} feature. \item Don't try to give a CGI script a set-uid mode. This doesn't work on most systems, and is a security liability as well.
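Review bot: The replacement text in the \item about reading or writing external files names the userid that needs access but does not say that access should stop there, so a reader chasing a permission error could still fall back on world-readable or world-writable modes, which is what the removed line ("by every user on the system") advised. Consider adding a clause such as "and avoid granting access to other users unless they need it". Minor wording point in the same added lines: "some explicitly specified userid for a web server's \samp{suexec} feature" would read more clearly as "a userid explicitly specified through the web server's \samp{suexec} feature".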