httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: suexec concerns
Date Sat, 04 Jan 1997 07:38:19 GMT
Marc Slemko wrote:
> 
> On Fri, 3 Jan 1997, Randy Terbush wrote:
> 
> > 
> > > Hang on.  The parent httpd, normally running as root, knows for sure who
> > > its children are.  All we need is a way for suexec to ask the parent if
> > > process x is a child of the parent or not.  Part of that could be already
> > > implemented in the scoreboard stuff.  Comments? 
> > 
> > I tried to find a way to trace the "lineage" of a process for this
> > very reason. While I *think* it would be possible to do this by
> > mucking through kvm, I can't imagine how to make someting like this
> > portable. If you could come up with something, this would be golden.
> 
> suexec knows who its parent is with getppid().  The parent will be in the
> scoreboard.  iff the ppid is in the scoreboard, then it was called from a
> running copy of apache.  There is more to it than that, but I think that
> idea could work.  The trick comes on systems that mmap it.  Perhaps I will
> look at what apache is actually doing there to see how practical it is.
> 

A thought... Apache knows when it will fork suexec. How about if
it opens a socket or pipe and somehow delivers the fd to suexec.
At that point, suexec can "talk" to Apache. Need some way to ensure
that the the fd can't be compromised or someone can't fake Apache...

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"

Mime
View raw message