httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject setuid() again
Date Sun, 31 Dec 1995 21:53:01 GMT
Anybody home?


Still searching for the Grail on this one.....

I've explored the following suggestions:

* setuid to the user of the CGI script

   This method creates many support headaches.
	. users not understanding how to setuid a script
	. perl not wanting to exec a setuid script
	. ease of creating a wrapper for every user's CGI script

* cgiwrapper

   Disables the ability to have index.cgi
   Some support issues with explaining its use.


This brings me back to the use of seteuid() in the server.

While I agree that it is somewhat scary to be switching uids
in our CGI code, there are benefits to this approach that 
*improve* security as well. Correct me if I'm wrong...
(as if I need to ask)

Most changes can be restricted to can_exec().

We can:
	disallow execution of any CGI by uid 0.
	force the CGI script to be under the owner's home directory
	control the PATH set for any of these scripts
	restrict system resources on OSs with setrlimit

It seems that after all of these conditions have been met,
seteuid() to the owner of the script is relatively safe.

I've got a pretty clear picture of how to do this. I would appreciate
any feedback.
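
The conditions listed in the message, written out as an added C example (not code from the post or from the server source). The names cgi_policy, cgi_check, lower_limit and cgi_confine, the PATH value and the limit values are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>

enum cgi_verdict { CGI_OK, CGI_UNUSABLE, CGI_ROOT_OWNED, CGI_OUTSIDE_HOME };

/* Policy on already-resolved paths: refuse uid 0, require the script below its owner's home. */
enum cgi_verdict cgi_policy(uid_t owner, const char *real_script, const char *real_home)
{
    size_t n = strlen(real_home);
    if (owner == 0) return CGI_ROOT_OWNED;
    /* Home must not be "" or "/", and the match must end on '/' so /home/bob != /home/bobby. */
    if (n < 2 || strncmp(real_script, real_home, n) != 0 || real_script[n] != '/')
        return CGI_OUTSIDE_HOME;
    return CGI_OK;
}

/* Gather the facts: owner from stat(), home from passwd, symlinks resolved by realpath(). */
enum cgi_verdict cgi_check(const char *script)
{
    struct stat st; struct passwd *pw;
    char rs[PATH_MAX], rh[PATH_MAX];
    if (stat(script, &st) != 0 || !S_ISREG(st.st_mode))
        return CGI_UNUSABLE;
    if ((pw = getpwuid(st.st_uid)) == NULL || !realpath(script, rs) || !realpath(pw->pw_dir, rh))
        return CGI_UNUSABLE;
    return cgi_policy(st.st_uid, rs, rh);
}

/* Lower one resource limit to `want` without ever raising an existing hard limit. */
static int lower_limit(int res, rlim_t want)
{
    struct rlimit rl;
    if (getrlimit(res, &rl) != 0) return -1;
    if (rl.rlim_max == RLIM_INFINITY || want < rl.rlim_max)
        rl.rlim_max = want;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(res, &rl);
}

/* Call in the forked child just before exec: fixed PATH, capped CPU seconds and open files. */
int cgi_confine(void)
{
    if (setenv("PATH", "/bin:/usr/bin", 1) != 0) return -1;   /* constructed PATH value */
    return (lower_limit(RLIMIT_CPU, 10) == 0 && lower_limit(RLIMIT_NOFILE, 64) == 0) ? 0 : -1;
}
```

The uid switch itself is left out of the example. In a server started as root, seteuid() changes only the effective uid, so a forked child would normally finish with setgid() and setuid() before exec to drop the real and saved ids as well.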




