httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Time's a wastin'
Date Tue, 24 Sep 1996 01:55:09 GMT
Randy Terbush wrote:
> > Jason A. Dour wrote:
> > > 
> > > 
> > > On Mon, 23 Sep 1996, Jim Jagielski wrote:
> > > > I have the patch, and it's "required" by many multi-group OSs.
> > > > I'll commit
> > > 
> > > 	How so?  I can't see how it would be a "requirement"...  Please
> > > explain.  Sorry to be redundant, please excuse me.  ;)
> > > 
> > 
> > the can_exec() call should check each possible group, instead of the
> > default. Thus, if the OS uses multiple groups, then Apache should support
> > that.
> I see your argument. Do you see the reason that Jason and I decided not
> to support multiple groups in setuid() execution?
> I don't necesarily want Joe Blow running my CGI program as _me_ just
> because we both happen to be in group www (unbeknownst to me) and I
> was stupid enough to leave the group x-bit set.

That would be a Bad Thing, no doubt at all about that. Any "wrapper"
should do both a setgid and setuid (in that order of course) to
ensure that the process only runs with the perms that that user
would. In that case, it's better to clear out the extra group
privs and run under the regular user's group. For example,
cgiwrap does that as well.

The can_exec() call, however, simply sees if a file is executable.
It does so by checking if it's runnable by the uid, gid and, at the
end, the world. The patch simply makes sure that can_exec() also
checks any extra groups the process may have, which makes sense.
For example, say only one group can run perl scripts. You want to
make sure the httpd process can do that, but you don't necessarily
want the httpd process's main group to be that one.
Jim Jagielski  << >>   |   "If we took the bones out
  **  jaguNET Access Services  **      |    then it wouldn't be crunchy"
      Email:          |            Whizzo Crunchy Frog
++         +++      Voice/Fax: 410-931-3157       ++

View raw message