diff options
author | Peter Wu <lekensteyn@gmail.com> | 2013-04-13 11:35:26 +0200 |
---|---|---|
committer | Peter Wu <lekensteyn@gmail.com> | 2013-04-13 14:44:30 +0200 |
commit | 3a94c23aed0f687940a0442d318359699e00015e (patch) | |
tree | 347584873b4c4d04e117bbd970413fa1aad71460 /systemd/fcgiwrap.service | |
parent | 333ff9951b169f6a093608497b8b97f304365017 (diff) | |
download | fcgiwrap-3a94c23aed0f687940a0442d318359699e00015e.tar.xz fcgiwrap-3a94c23aed0f687940a0442d318359699e00015e.zip |
Add `-p path` option to restrict scripts
If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other
program can be executed under the privileges of the fcgiwrap user.
When the option `-p path` is given, only the programs specified by `path` are
allowed to execute (multiple occurrences of `-p` are merged to form a list of
allowed programs).
Note that this value will be matched literally, no attempt is done to
canonicalize the path. This also implies that glob patterns or directories will
never match.
Diffstat (limited to 'systemd/fcgiwrap.service')
0 files changed, 0 insertions, 0 deletions