httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: NCSA httpd again: CGI scripts and log file descriptors (fwd)
Date Fri, 05 May 1995 19:13:20 GMT
   Date: Fri, 05 May 1995 15:27:09 -0500
   From: Randy Terbush <randy@dsndata.com>

   Ah. I had not realized that we were doing *anything* as root.

   It would be *really* cool if we could assign UIDs to certain
   ScriptAliased directories to make interfacing with DBMS a bit
   more secure.

Hmmm... there is evidently a cgi-wrapper floating around which runs
suid-root, and pick an ID for the CGI script that it's going to run
based on who owns the script, or some such criterion.

Doing this in the server itself would require us to keep root
privilege after starting to process a request, which some people might
view as a security risk (it would make the potential damage from stuff
like the stack-scribbling security hole much worse, by running the
trojan horse code with full root privileges, for instance).

This isn't *quite* as much of a risk with the suid cgi-wrapper
approach, because the interface to the wrapper is somewhat more
constrained (the worst you could do would be to try to put confusing
variables in the environment with bogus MIME headers --- and the
forced HTTP_ prefix puts most "useful" variables out of reach), but
never say never.

rst


Mime
View raw message