I'm trying to develop a dbman application on my ISP's web server with a zillion other shell-account users. I'd like to make it run setuid, just to keep the database file from being publicly-readable and writable. (Its Apache 1.3.9 on Linux.) Anyway, the standard setuid C wrapper approach works for most other apps. I've got it to start (by renaming db.cgi to db.pl, the wrapper as db.cgi, and changing parse_form to read from $ENV{'QUERY_STRING'}) but I run into one "insecure dependency" after another. I think the search function might also break because it relies on METHOD=GET in parse_form.
Has anyone done this successfully? I don't mind making major changes to the code.
--
stetzer
Has anyone done this successfully? I don't mind making major changes to the code.
--
stetzer