httpd-dev mailing list archives

From r..@ai.mit.edu (Robert S. Thau)
Subject Re: WWW Form Bug Report: "cgi-bin scripts get run as root despite conf" on Irix
Date Fri, 07 Jun 1996 23:53:50 GMT
  I have a feeling, untested, that you could provide a "uniform" solution by
  placing the setuid/gid code in the process_request routine around the
  process_request_internal code. 

That goes against my instincts... right now, the code which deals with
management of the various privilege levels that the server runs under is
entirely in http_main.c, and I think it would make the code in general
less maintainable to start scattering it hither and yon in other files.
In any case, process_request is surely the wrong place --- you *really*
want to lose privs before reading any data from the client, to limit
the damage if someone finds an exploitable bug in read_request (it's
happened --- not in any release of ours, at least not *yet*, but the
surest way to make that luck run out is to take it for granted).

  Thanks for the patch!  I'm no longer giving away my mode ?00 root files.

Okey-dokey... I'll take that as at least a tentative confirmation that
the patch *does* work as intended.  We're trying to get a new beta
out the door pronto, and it's possible that a patch presented for
integration at this late date may not make the cut, but so long as we
still claim to be supporting inetd [I'm talking to Apache folks now],
I think it really does belong in 1.1 final.

The patch, if any committer is reading this late on a Friday, follows
once again:

*** http_main.c~	Sun May 12 21:00:12 1996
--- http_main.c	Wed Jun  5 16:23:19 1996
***************
*** 1468,1475 ****
  	set_group_privs();
  	default_server_hostnames (server_conf);
  
!         user_id = getuid();
!         group_id = getgid();
  
  	c = sizeof(sa_client);
  	if ((getpeername(fileno(stdin), &sa_client, &c)) < 0)
--- 1468,1478 ----
  	set_group_privs();
  	default_server_hostnames (server_conf);
  
! 	/* Only try to switch if we're running as root */
! 	if(!geteuid() && setuid(user_id) == -1) {
! 	    log_unixerr("setuid", NULL, "unable to change uid", server_conf);
! 	    exit (1);
! 	}
  
  	c = sizeof(sa_client);
  	if ((getpeername(fileno(stdin), &sa_client, &c)) < 0)
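Review bot: the new block switches uid only when `geteuid()` is 0 and exits when `setuid(user_id)` fails, but it never confirms that the switch actually took effect, and a `user_id` of 0 (a configuration whose User resolves to root) would make the call a silent no-op that leaves the server reading client data as root, which is exactly what the surrounding discussion wants to avoid. Consider adding, after the `setuid`, a check that `geteuid()` is now nonzero and logging it through `log_unixerr` like the existing failure path. Since the removed `group_id = getgid();` line is not replaced by a gid switch here, it is worth a comment noting that the group change is relied on to have already happened in `set_group_privs()` a few lines above, so the ordering (group before uid) is not disturbed by a later edit.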

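The privilege-drop ordering argued for in the reply above (drop root before any client data is read, and make sure it really happened), as an added example in C. This is not Apache's code and not the patch posted here; the function names, the status enum and the uid/gid 65534 target used in main are this example's own assumptions.

```c
/* Added example (not Apache code): drop root before touching client input,
 * refuse a configured target of uid/gid 0, and verify the drop held. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum privdrop_status {
    PRIVDROP_OK = 0,            /* switched, or was never root to begin with */
    PRIVDROP_REFUSE_ROOT,       /* configured target is uid 0 or gid 0 */
    PRIVDROP_SETGROUPS_FAILED,
    PRIVDROP_SETGID_FAILED,
    PRIVDROP_SETUID_FAILED,
    PRIVDROP_STILL_ROOT         /* the switch did not stick */
};

/* Return 1 when the process can no longer become root: the effective uid is
 * nonzero and an attempt to set uid 0 is refused (a saved set-user-ID of 0
 * would let setuid(0) succeed, so the attempt is the real test). */
int privileges_dropped(void)
{
    if (geteuid() == 0)
        return 0;
    if (setuid(0) == 0)
        return 0;
    return errno == EPERM;
}

/* Switch to the configured unprivileged identity. Mirrors the patch's
 * "only try if we're running as root" rule, adds the root-target refusal
 * and the post-switch verification the patch lacks. */
enum privdrop_status drop_privileges(uid_t target_uid, gid_t target_gid)
{
    if (target_uid == 0 || target_gid == 0)
        return PRIVDROP_REFUSE_ROOT;

    if (geteuid() != 0)
        return PRIVDROP_OK;     /* nothing to drop; already unprivileged */

    /* Groups first: once the uid is gone, setgroups/setgid are no longer
     * permitted, so doing them afterwards would fail. */
    if (setgroups(1, &target_gid) == -1)
        return PRIVDROP_SETGROUPS_FAILED;
    if (setgid(target_gid) == -1)
        return PRIVDROP_SETGID_FAILED;
    if (setuid(target_uid) == -1)
        return PRIVDROP_SETUID_FAILED;

    if (!privileges_dropped())
        return PRIVDROP_STILL_ROOT;
    return PRIVDROP_OK;
}

int main(void)
{
    /* Constructed target: 65534 is "nobody" on many systems; a real server
     * would pass the uid/gid resolved from its User/Group directives. */
    enum privdrop_status st = drop_privileges(65534, 65534);
    printf("drop_privileges: %d, privileges_dropped: %d\n",
           (int) st, privileges_dropped());
    return st == PRIVDROP_OK ? 0 : 1;
}
```

Everything that reads from the client (the `getpeername` and `read_request` work in the context above) would come only after `drop_privileges` returned `PRIVDROP_OK`; any other status is a configuration or system error that should be logged and should stop the server rather than let it proceed as root.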