We had the problem of Stack being to small. We eventually found the cure
for that problem if your setuid to root of the webinator scripts in the
cgi-bin the error goes away. Yet if we kept the user as web we were getting
the error stack="1meg" Needs 2meg
Though Everyone would be interested in knowing the fix we have found.
---
Mitchell J. Mellin
Associate Webmaster
Monmouth University
(732)571-3552 webmaster@monmouth.edu
While running the program as setuid root may have worked around the
problem, we strongly urge that you not run our software as root by
default. We have made concerted efforts to not have security holes
in the package, but one of the best techniques for preventing any unknown
security issue from becoming a major fault is to ensure that no
web related software has intrinsic high level authority.
One of the safest Web configurations is to run all web related software
as "nobody". That way even if someone were to find a loophole in a cgi
program they still would not have access rights to alter anything important
on the server.
One of the versions of the NCSA HTTPD package contained a loophole that
was serious enough to cause a CERT advisory. The point is; nothing is
perfect, so why tempt fate?
There has to be a way to get your web server to increase the ULIMIT
for cgi programs without resorting to a setuid root. A 1 Mbyte limit
on cgi's is almost silly. Our suggestion would be to contact Netscape
Tech support. We don't have and SGI boxes running Netscape-Enterprise/2.01
which is why we're unable to resolve this from our side. We do have
Enterprise under Solaris and SGI machines running Apache and have
not encountered this issue under either of those environments.
We believe that this must be a combinatorial issue that Tech Support
within SGI or Netscape have addressed many times already.
