fedorapeople.org

Damian Myerscough damian.myerscough at gmail.com
Sat Jul 7 15:14:03 UTC 2007


On 07/07/07, seth vidal <skvidal at fedoraproject.org> wrote:
> On Sat, 2007-07-07 at 10:39 -0400, Jesse Keating wrote:
> > On Saturday 07 July 2007 10:22:20 seth vidal wrote:
> > > 1. right now I have username.fedorapeople.org going to each users'
> > > ~/public_html dir. There are no cgis allowed at all, that seems
> > > reasonable to me - makes sense to everyone else?
> >
> > Does that include mod_python stuff?  Being able to run gitweb or hgweb stuff?
>
>
> yes, it includes those. I don't think we should be running cgis of any
> sort. They eat ram and expose us to more risk, don't they?

Yes I agree there, I am assuming that PHP/Perl will also be disabled?

> Isn't the above what rsync is for? I guess I'm inclined to not have any
> scm - this is just a big box which serves files, statically, and does
> not open us up to that many attack vectors.

Will you be denying SSH "shell" access?

-- 
Regards,
  Damian




More information about the Fedora-infrastructure-list mailing list