PHPTOm writes: > My question is this: is it > normally ok to just copy a binary to a new location in linux or do I > need to specify the target location during compile? Normally, yes. Usually, what is hard coded into a binary is the path to config files. PHP, for example, has a hard coded path to php.ini. You can place the binary anywhere you want, but it will always look for php.ini in the same place. Allowing the user to call external binaries is always risky. Programs designed to be run locally quite likely have exploitable security holes. Make sure you do a security audit of everything first. If you can find a security hole with grep, so can your users. It is probably better to use the PHP pspell extension. I strongly suggest not using safe mode for PHP. While I haven't done an audit, I imagine there is at least one hole. Considering how easy it is to crash the PHP interpreter (for example, infinite recursion), I doubt it's totally secure. And even if it is, just configuring it properly is difficult. Relying on safe mode means your setup isn't secure. As the PHP manual says, and as anyone should realize, the proper way to solve the problem is at the OS level. CGI scripts, including PHP, need to be run as the owner of the script. This solves two major problems that occur under the typical Apache / mod_php setup. * Scripts cannot keep anything private. If a script has to connect to the database, the authentication info is stored in the script. Because the script is readable by the web server, any other user on the system can grab the authentication info. A friend of mine had his database on SourceForge trashed because of this. * Scripts cannot securely write to anything. If a script needs to write a file, then the file must be world writable, or at least writable by the web server. This means any other user on the system can write to the file. -- David Phillips <david at acz.org> http://david.acz.org/ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list