Received: by taz.hyperreal.com (8.6.12/8.6.5) id NAA22534; Sun, 2 Jun 1996 13:06:17 -0700
Received: from arachnet.algroup.co.uk by taz.hyperreal.com (8.6.12/8.6.5) with SMTP id NAA22521; Sun, 2 Jun 1996 13:06:13 -0700
Received: from heap.ben.algroup.co.uk by arachnet.algroup.co.uk id aa03095; 2 Jun 96 21:05 BST
Received: from gonzo.ben.algroup.co.uk by heap.ben.algroup.co.uk id aa02375; 2 Jun 96 20:29 BST
Subject: Re: setuid control WITHOUT running as root
To: new-httpd@hyperreal.com
Date: Sun, 2 Jun 1996 20:24:58 +0100 (BST)
From: Ben Laurie
In-Reply-To: <199606021917.OAA28442@sierra.zyzzyva.com> from "Randy Terbush" at Jun 2, 96 02:17:52 pm
X-Mailer: ELM [version 2.4 PL24 PGP2]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1156
Message-ID: <9606022024.aa06980@gonzo.ben.algroup.co.uk>
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Randy Terbush wrote:
> > > How would you suggest doing this?
> >
> > Maybe a simple check to see if User for this VHost is defined to
> > be different from the main server id and calling the wrapper if it is?
> >
> > Exactly --- check if those two integers are equal, and bypass the wrapper
> > if so. What's the fuss?
> >
> > rst
>
> No muss, no fuss. Works just dandy.
>
> One other option here that might make some people feel even better
> about this code... any installation of a wrapper program would
> default to be non-suid. Anyone who changed that would be assuming the
> risks.

Uh? Why not just not install it at all (it can't do anything useful if it is
not setuid, can it?).

BTW, I've almost decided that chroot() doesn't help with security (because a
Bad Guy can still make something setuid to the attacked uid which can then be
exploited by another route).

Cheers,

Ben.

> >
> >

--
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.
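
The check discussed in this message, written out as an added example (not part of the original message and not Apache's code): bypass the wrapper when the VHost User equals the main server id, and otherwise use the wrapper only if it is actually able to switch uid. All function and type names are hypothetical, and refusing (rather than running as the server id) when the wrapper is unusable is an assumed policy.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* exposes S_IFREG for the sample data */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical names throughout; this is not Apache's code. */
enum exec_path {
    EXEC_DIRECT,       /* vhost User equals the main server id: bypass wrapper */
    EXEC_VIA_WRAPPER,  /* ids differ and the wrapper is able to switch uid */
    EXEC_REFUSE        /* ids differ but the wrapper cannot or must not be used */
};

/* Only a root-owned, setuid regular file can change uid; group or world
 * write permission would let another local user replace it. */
static int wrapper_usable(const struct stat *st)
{
    if (st == NULL || !S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != 0 || !(st->st_mode & S_ISUID))
        return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

enum exec_path choose_exec_path(uid_t server_uid, uid_t vhost_uid,
                                const struct stat *wrapper_st)
{
    if (vhost_uid == server_uid)
        return EXEC_DIRECT;            /* the "two integers are equal" case */
    /* Assumed policy: refuse instead of quietly running as the server id. */
    return wrapper_usable(wrapper_st) ? EXEC_VIA_WRAPPER : EXEC_REFUSE;
}

/* Constructed sample metadata, so the decision can be exercised offline. */
struct stat sample_wrapper(mode_t perms, uid_t owner)
{
    struct stat st = {0};
    st.st_mode = S_IFREG | perms;
    st.st_uid = owner;
    return st;
}

int main(void)
{
    struct stat suid = sample_wrapper(04711, 0), plain = sample_wrapper(0755, 0);
    printf("same id: %d\n", choose_exec_path(33, 33, &plain));
    printf("suid wrapper: %d\n", choose_exec_path(33, 1001, &suid));
    printf("non-suid wrapper: %d\n", choose_exec_path(33, 1001, &plain));
    return 0;
}
```

In a real server the `struct stat` would come from `stat()` on the installed wrapper path; the uids 33 and 1001 are constructed sample values.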