httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Neulinger <nn...@umr.edu>
Subject Re: setuid control WITHOUT running as root
Date Mon, 03 Jun 1996 02:13:17 GMT
At 9:00 PM 6/2/96, Randy Terbush wrote:
> > > The UID is set for each VHost at startup. The VHost DocumentRoot
> > > specifies the domain for the effective UID. Whether you specify
> > > a ScriptAliased directory or not, the effective UID for the VHost
> > > is pretty simple unless I missed something.
> > >
> > > r->server->server_uid
> > > r->server->server_gid
> > >
> > > I think the real weakness here is giving enough functionality
> > > to the wrapper without *it* being the security risk. Which I
> > > am sure you are well aware of...
> >
> > That is not the wrapper... That is the apache module...
> >
> > You have to communicate that "trusted" uid<->vhost mapping to the wrapper
> > which is sucgi.
> >
> > -- Nathan
>
> I've probably been staring at this way too long, however I understood
> Sameer's question to be related to the Server's maping of uid to the CGI.
>
> The server communicates that ID through the command line to the wrapper,
> which is really the problem.
>
> Would it be possible to communicate this information through an mmapped()
> area? Passing the address to the wrapper?

Would be as insecure as passing via the command line, anyone could create a
mmap'd area...

Now, if you wanted to RSA encrypt the uid and gid, and give the server and
sucgi keys... *laugh*

-- Nathan

------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul@umr.edu                  Computing Services
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org



Mime
View raw message