httpd-dev mailing list archives

From Andrew Wilson <and...@tees.elsevier.co.uk>
Subject Re: Apache secure CGI bin patch (fwd)
Date Thu, 14 Sep 1995 10:52:36 GMT
> Re the SETUID patch.
> 
> It seems to me that this violates rule 1 of security; "Thou shalt run as root
> for no longer than is absolutely necessary".
> 
> On the other hand, if a sysadmin understands the issues, why not let them
                     ^^
		   clue ;)

> do it?

> Ben Laurie                  Phone: +44 (181) 994 6435

SETUID is actually a very useful feature, and can allow different modes
of expression in your webbing environment.  In environments with
a non-UNIX way of managing security (MOO, COLD) all programs run SETUID,
i.e. all scripts run with the sUID of the script's owner, rather than the
sUID of the person invoking the script.  It's a completely different
mindset, but it's not any less secure once the 'differences' are understood.

A projected Apache system might not 'understand' a specific security or
resource access model at all.  I.e. it might not care if it's running on
a UNIX platform.  So the questions of:
	
	where do I get the data from
	how do I run these programs
	how do I enforce security

would be parceled off to a module:

	mod_unix_environment.c

or one of:

	mod_dos_environment.c
	mod_mac_environment.c
	mod_moo_environment.c

[OK, it's more than likely that it WILL be running on a UNIX platform,
because it makes sense to use a powerful base for all your software.
However, just because Apache has a neat way of managing access to
a port, or managing resources under load, or recording access etc, etc,
*doesn't* mean that it's doing the right thing for people who want to be
creative.]


Ay, pipedreaming.

