Re: tlug: WebMin

[Darren Cook <darren@example.com>]

>>>www.webmin.com
>The problem, as I understand it, is that the Web server, running as root,
>invokes the script, also running as root.  The Web server designers can
>beef up security inside their daemon, but they have no control over the

As the original post said it used it's own web server I thought it would
have the functions built-in, and not use external cgi, to keep the number
of hackable things to a minimum.

Looking at the site it says it uses cgi to run a perl 5 script for each
module (eg. a DNS module, an Apache module, a filesystem module, etc.). So
there is enough complexity that it is bound to have some holes. But it has
SSL support, and it is open source.

If nervous about security it could still be useful on a LAN - run it on a
port that your router/firewall is set to deny to the outside world.

Darren

-------------------------------------------------------------------
Next Technical Meeting: February 13 (Sat), 12:30 place: Temple Univ.
** presentation: XEmacs, by Steven Baur and Martin Buchholz
Next Nomikai: March 19 (Fri), 19:30   Tengu TokyoEkiMae 03-3275-3691
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT