httpd-dev mailing list archives

From Nathan Neulinger <nn...@umr.edu>
Subject Re: setuid control WITHOUT running as root
Date Mon, 03 Jun 1996 01:14:54 GMT
At 7:47 PM 6/2/96, Randy Terbush wrote:
> > At 4:39 PM 6/2/96, sameer@c2.org wrote:
> > > >
> > > > I see no problem with suCGI suitably modified with the above checks
> > > > for use in personal user directories... But I don't see an easy way
> > > > to do for virtual hosts that will both work and is safe.
> > >
> > >         I think that for virtual hosts you can have a mapping of
> > > vhost->uid *and* the CGIs must be owned by that UID. Shouldn't be a
> > > problem. Unless I misunderstand what you are saying here.
> >
> > The problem is getting the wrapper to know that... I.e. the wrapper will
> > have to read a config file of some sort to find out what uid is mapped to
> > what virtual dir.
> >
> > -- Nathan
>
> The UID is set for each VHost at startup. The VHost DocumentRoot
> specifies the domain for the effective UID. Whether you specify
> a ScriptAliased directory or not, the effective UID for the VHost
> is pretty simple unless I missed something.
>
> r->server->server_uid
> r->server->server_gid
>
> I think the real weakness here is giving enough functionality
> to the wrapper without *it* being the security risk. Which I
> am sure you are well aware of...

That is not the wrapper... That is the apache module...

You have to communicate that "trusted" uid<->vhost mapping to the wrapper
which is sucgi.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul@umr.edu                  Computing Services
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org
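
The message above turns on how the wrapper itself can learn a trusted vhost-to-uid mapping and then confirm the CGI is owned by that uid. The following is an added example, not sucgi or Apache code and not from this thread; the map file format and the names `lookup_vhost_uid`, `cgi_owned_by` and `map_owner` are assumptions made for illustration.

```c
/* Added example, not sucgi or Apache code. Assumed map format:
 * one "<vhost> <uid>" pair per line, e.g. "www.example.test 1001". */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Trust the map only if it is a regular file owned by map_owner (0 in
 * production) and not group/world writable. Returns 0 and sets *out. */
int lookup_vhost_uid(const char *path, uid_t map_owner,
                     const char *vhost, uid_t *out)
{
    struct stat st;
    char name[256];
    unsigned long uid;
    int rc = -1;
    FILE *f = fopen(path, "r");

    if (!f)
        return -1;
    /* fstat the open handle so the checks cover the file actually read */
    if (fstat(fileno(f), &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == map_owner && !(st.st_mode & (S_IWGRP | S_IWOTH))) {
        while (fscanf(f, "%255s %lu", name, &uid) == 2) {
            if (strcmp(name, vhost) != 0)
                continue;
            if (uid != 0) {          /* never map a vhost to root */
                *out = (uid_t)uid;
                rc = 0;
            }
            break;
        }
    }
    fclose(f);
    return rc;
}

/* CGI must be a regular file (lstat: no symlinks) owned by the mapped uid
 * and not writable by group or others. Returns 1 if acceptable. */
int cgi_owned_by(const char *cgi, uid_t uid)
{
    struct stat st;
    if (lstat(cgi, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == uid && !(st.st_mode & (S_IWGRP | S_IWOTH));
}
```

A wrapper using these checks would run both before any `setuid()` call and refuse to execute if either fails; a malformed map line ends parsing, so the lookup fails closed.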


