Avoid giving advice that's bad for security, as per SF bug #823515

(same as commit of Sun Nov 2 to the release23-maint branch)
Alex Martelli 2003-11-09 16:31:18 +00:00
parent 35d8360bf7
commit 50324a604c

@ -598,7 +598,9 @@ Usually, this means using absolute path names --- \envvar{PATH} is
usually not set to a very useful value in a CGI script.
\item When reading or writing external files, make sure they can be read
or written by every user on the system.
or written by the userid under which your CGI script will be running:
this is typically the userid under which the web server is running, or some
explicitly specified userid for a web server's \samp{suexec} feature.
\item Don't try to give a CGI script a set-uid mode. This doesn't work on
most systems, and is a security liability as well.
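
Review bot: The replacement text in the \item about reading or writing external files says which userid needs access, but it stops short of saying that no other user needs it, so a reader who followed the old "every user on the system" wording gets no prompt to tighten existing permissions. Consider adding a clause to the effect that the files need not be readable or writable by anyone else, and separating the two cases so that a file the script only reads is not also made writable by the web server's userid. It may also help to note that when the script runs under the shared web server userid rather than a \samp{suexec} userid, other CGI scripts running under that same userid get the same access to the file.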