httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 20:22:44 GMT
> Randy Terbush wrote:
> > 
> > >   How would you suggest doing this?
> > > 
> > >   Maybe a simple check to see if User for this VHost is defined to
> > >   be different from the main server id and calling the wrapper if it is?
> > > 
> > > Exactly --- check if those two integers are equal, and bypass the wrapper
> > > if so.  What's the fuss?
> > > 
> > > rst
> > 
> > No muss, no fuss. Works just dandy.
> > 
> > One other option here that might make some people feel even better
> > about this code... any installation of a wrapper program would 
> > default to be non-suid. Anyone who changed that would be assuming the
> > risks.
> Uh? Why not just not install it at all (it can't do anything useful if it is
> not setuid, can it?).

True. With the change I just made from RST's suggestion, setting User
or Group in a VHost config would cause execution of scripts in that
VHost to fail if the selected UID was different than the default.

> BTW, I've almost decided that chroot() doesn't help with security (because a
> Bad Guy can still make something setuid to the attacked uid which can then be
> exploited by another route).

I agree. In the chroot() environment that we run, there are a lot less
tools available if they would break it, and the area that they can
destroy is less. Still not a comfortable solution when running as root.
I suppose that there are other routes through the network layers that
could be exploited as well. I'm very happy to be able to switch off
EUID root.

View raw message