httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: setuid() again
Date Mon, 01 Jan 1996 17:13:34 GMT
          It ain't easy. With the heavy duty featurism in apache, I
  really wouldn't want to trust it with being so secure that it can run
  as root. I'd rather have a tiny lightweight server doing the seteuid
  stuff...

This is especially so considering that some of the novel attacks may
be on third-party module code over which we have no direct control
whatever.  This is why I continue to feel that if you *must* have 
uid-switching for CGI scripts, having it done by a small external
program (e.g. a cgi-wrapper) is the best approach --- it keeps the
security kernel small and easy to audit.  If you don't like the
policies which the existing ones implement, write your own.

rst


Mime
View raw message