httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Added Setuid Flag for CGI/SHTML scripts. (fwd)
Date Sun, 05 May 1996 20:12:12 GMT

Randy, is this your area of expertise ?

not acked.

Sender: nelson@cs.umn.edu
Message-ID: <318CFF3B.E0DBC13@cs.umn.edu>
Date: Sun, 05 May 1996 14:19:23 -0500
From: "Andrew F. Nelson" <nelson@cs.umn.edu>
Organization: System Staff University of Minnesota
X-Mailer: Mozilla 3.0b2 (X11; I; Linux 1.3.86 i586)
MIME-Version: 1.0
To: apache-bugs@mail.apache.org
Subject: Added Setuid Flag for CGI/SHTML scripts.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I don't think this is exactly the place for this, but if you could
bounce this to the correct people I would appreciate it.  

I have added built-in setuid functionality into the CGi and include
modules of the 1.1b2 Apache server.  There is another option that can be
given in the access file alongside the ExecCGI flag, SetUID.  This will
check to see who owns the cgi script and if it is not root execute it as
them.  There are some security issues with this.  For example on our
systems we turn off chown-giveaway which denies users from chowning
things over to another user.  This is basically a must.  With this off
the scripts are secure enough for our site.  Users can write terrible
CGi scripts and hose their own files, not mine.  This is alos a lot more
elegant than something like uncgi.  

There were a few lines changed in http_core.c and http_conf_globals.h.
If this is something that you want to incorporate into the server, I ca
send in a patch, otherwise I will just keep it to myself.

The motivation behind this was the following if anyone really cares.  We
have a high-end SGI challenge S that serves 3 large clusters of web
users.  All in all we have about 10,000 users using this one machine as
their web server.  The machine's harware handles the load just fine, but
the Netscape server (besides being extremely buggy) has no elegant
protection form bad CGi scripts.  I had a few grad students runing
killall in their CGi's nuking the server and all.  Plus I want to be
able to limit CPU usage and number of processes through the OS, but I
can't if the server runs the same as the CGi's.  So by making all the
users CGi's setuid, they can now write to their own directory and i can
monitor the hell out of their scripts.  I set some obnoxiously low CPu
limit like 30 sec and all has been peachy.

If this is a patch you want to add to the distribution I can make it
available.  It is porbably not as elegant as you would like, but I
managed to add the options into the access.conf file so at least it
looks nice to the user.  Mail me if this is something that interests
you.
-- 
=========================================================================
| Andrew F. Nelson      Computer Science
|
| E-mail:               nelson@cs.umn.edu
|
| URL:                  http://www.cs.umn.edu/~nelson
|
| Title:                WWW Administrator / Systems Staff
|
|                       Computer Science and Institute of Technology
|
| "Murphy's Law isn't just a saying, it is a way of life!"
|
=========================================================================

----- End of forwarded message from Andrew F. Nelson -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message