summaryrefslogtreecommitdiff
path: root/systemd/fcgiwrap.service
diff options
context:
space:
mode:
authorPeter Wu <lekensteyn@gmail.com>2013-04-13 11:35:26 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-04-13 14:44:30 +0200
commit3a94c23aed0f687940a0442d318359699e00015e (patch)
tree347584873b4c4d04e117bbd970413fa1aad71460 /systemd/fcgiwrap.service
parent333ff9951b169f6a093608497b8b97f304365017 (diff)
downloadfcgiwrap-3a94c23aed0f687940a0442d318359699e00015e.tar.xz
fcgiwrap-3a94c23aed0f687940a0442d318359699e00015e.zip
Add `-p path` option to restrict scripts
If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other program can be executed under the privileges of the fcgiwrap user. When the option `-p path` is given, only the programs specified by `path` are allowed to execute (multiple occurrences of `-p` are merged to form a list of allowed programs). Note that this value will be matched literally, no attempt is done to canonicalize the path. This also implies that glob patterns or directories will never match.
Diffstat (limited to 'systemd/fcgiwrap.service')
0 files changed, 0 insertions, 0 deletions