FP & FreeBSD Revisited...

Fairlight fairlite at fairlite.com
Wed Jan 5 16:37:19 PST 2005


From inside the gravity well of a singularity, Bob Stockler shouted:
> 
> There is no security risk with filePro SYSTEM commands being
> executed EUID the user "filepro" - unless those administering
> the system allow just anyone to have full access to the
> filePro creation programs . . . in which case any further
> security is meaningless.

I'm a security hound (some would say [and have said] extremist...obviously
these people haven't met a -real- paranoid yet), but I don't see any more
problem with that than mysqld running as mysql, quite honestly.  It needs
to in order to get the job done within its architecture.  Not all suid is
bad.

What I -do- have a problem with is people running apache as 'filepro'.
That's just asking for trouble.  Not as much as running it as root, but
there are safer ways to achieve the desired effect.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html

