Received: by taz.hyperreal.com (8.7.5/V2.0) id TAA03292;
 Mon, 23 Sep 1996 19:02:46 -0700 (PDT)
Received: from sierra.zyzzyva.com by taz.hyperreal.com (8.7.5/V2.0) with ESMTP
 id TAA03285; Mon, 23 Sep 1996 19:02:40 -0700 (PDT)
Received: from sierra.zyzzyva.com (localhost [127.0.0.1]) by
 sierra.zyzzyva.com (8.7.5/8.7.3) with ESMTP id VAA22288 for
 <new-httpd@hyperreal.com>; Mon, 23 Sep 1996 21:02:23 -0500 (CDT)
Message-Id: <199609240202.VAA22288@sierra.zyzzyva.com>
To: new-httpd@hyperreal.com
Subject: Re: Time's a wastin' 
In-reply-to: jim's message of Mon, 23 Sep 1996 21:55:09 -0400.
         <199609240155.VAA02415@shado.jaguNET.com>
X-uri: http://www.zyzzyva.com/
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 23 Sep 1996 21:02:23 -0500
From: Randy Terbush <randy@zyzzyva.com>
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com


Agreed.


> Randy Terbush wrote:
> > 
> > > Jason A. Dour wrote:
> > > > 
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > 
> > > > On Mon, 23 Sep 1996, Jim Jagielski wrote:
> > > > > I have the patch, and it's "required" by many multi-group OSs.
> > > > > I'll commit
> > > > 
> > > > 	How so?  I can't see how it would be a "requirement"...  Please
> > > > explain.  Sorry to be redundant, please excuse me.  ;)
> > > > 
> > > 
> > > the can_exec() call should check each possible group, instead of the
> > > default. Thus, if the OS uses multiple groups, then Apache should support
> > > that.
> > 
> > I see your argument. Do you see the reason that Jason and I decided not
> > to support multiple groups in setuid() execution?
> > 
> > I don't necesarily want Joe Blow running my CGI program as _me_ just
> > because we both happen to be in group www (unbeknownst to me) and I
> > was stupid enough to leave the group x-bit set.
> > 
> 
> That would be a Bad Thing, no doubt at all about that. Any "wrapper"
> should do both a setgid and setuid (in that order of course) to
> ensure that the process only runs with the perms that that user
> would. In that case, it's better to clear out the extra group
> privs and run under the regular user's group. For example,
> cgiwrap does that as well.
> 
> The can_exec() call, however, simply sees if a file is executable.
> It does so by checking if it's runnable by the uid, gid and, at the
> end, the world. The patch simply makes sure that can_exec() also
> checks any extra groups the process may have, which makes sense.
> For example, say only one group can run perl scripts. You want to
> make sure the httpd process can do that, but you don't necessarily
> want the httpd process's main group to be that one.
> -- 
> Jim Jagielski  << jim@jaguNET.com >>   |   "If we took the bones out
>   **  jaguNET Access Services  **      |    then it wouldn't be crunchy"
>       Email: info@jaguNET.com          |            Whizzo Crunchy Frog
> ++    http://www.jaguNET.com/         +++      Voice/Fax: 410-931-3157       ++