author Alex Martelli <aleaxit@gmail.com> 2003-11-09 16:31:18 (GMT)
committer Alex Martelli <aleaxit@gmail.com> 2003-11-09 16:31:18 (GMT)
commit 50324a604c3f3c83fcbc4eb6a4783b26a0bcb5a6
tree ceb6595c6a377ad0c654ac71b5bf4ab091b580ea /Doc
parent 35d8360bf7692d15292e4122d608aea1cddd46b1
Avoid giving advice that's bad for security, as per SF bug #823515
(same as commit of Sun Nov 2 to the release23-maint branch)
Diffstat (limited to 'Doc')
-rw-r--r-- Doc/lib/libcgi.tex 4
1 files changed, 3 insertions, 1 deletions
diff --git a/Doc/lib/libcgi.tex b/Doc/lib/libcgi.tex
index 055f66c..add322d 100644
--- a/Doc/lib/libcgi.tex
+++ b/Doc/lib/libcgi.tex
@@ -598,7 +598,9 @@ Usually, this means using absolute path names --- \envvar{PATH} is
usually not set to a very useful value in a CGI script.
\item When reading or writing external files, make sure they can be read
-or written by every user on the system.
+or written by the userid under which your CGI script will be running:
+this is typically the userid under which the web server is running, or some
+explicitly specified userid for a web server's \samp{suexec} feature.
\item Don't try to give a CGI script a set-uid mode. This doesn't work on
most systems, and is a security liability as well.
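Review bot: The added wording at "or written by the userid under which your CGI script will be running" names the account that needs access but never says access should stop there, so a file left readable or writable by every user still satisfies this item as written. Suggest adding a clause to the effect of "and by no other users unless they need it", and splitting the read and write cases so that a file the script only reads is not also made writable by the web server's userid. The neighbouring set-uid item already states its security reason ("is a security liability as well"); a similar half-sentence here, saying that files writable by the web server's userid can be modified by any other script running under that userid, would tell the reader why the narrower permission matters, which is especially relevant to the non-\samp{suexec} case the new text mentions first.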