httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: suexec concerns
Date Sat, 04 Jan 1997 16:59:44 GMT
> >I personally think it would be a Good Idea if suExec could be made
> >as cgiwrap-like as possible, maybe by a compile-time selection. This
> >includes forcing ~/public_html/cgi-bin restrictions and the like.
> >I know Nathan is following this group and think a "merger" of
> >suexec and cgiwrap for Apache would be good (of course, a
> >standalone cgiwrap would still be needed for the unenlightened).
> >
> >cgiwrap is really designed around user's cgi-scripts, whereas I
> >think that the focus for suexec has not been... At least, I don't
> >think that it's been used in a cgiwrap-like way, since it assumes
> >a "central location" for scripts.
> >
> >Nathan, comments?
> 
> Hmm... Well, what I'd almost like to see is some way of making cgiwrap
> itself usable as the wrapper portion.
> 
> The big thing that suexec does that cgiwrap wasn't really designed for is
> cgi-scripts directly in user dirs (i.e. using the .cgi extension and an
> addtype). Whenever the directory that is being used for the cgi scripts
> themselves is isolated, cgiwrap can be used without much trouble.

This is the problem that I ran into in the past when trying to come
up with a setuid() solution for CGI in my environment. We don't care
where the .CGI is installed, and we don't allow it for ~user.

While I welcome Nathan's feedback regarding suexec, it is my feeling
that the Apache group's mission WRT suexec is to provide a simple,
fast and secure wrapper to handle the functionality given by Apache
without getting into a battle with CERT. If other projects like
Nathan's choose to provide their own drop-in replacements, *great*.
I would rather not become burdened with providing the
"all singing/all dancing" version of the wrapper program.

To accomplish these goals, I think that we need to provide a somewhat
anal solution. From the discussion that Marc has raised, I see that
requiring ~user CGI to be limited to a cgi-bin directory goes a long
way toward that goal. If we could also lift the functionality that
RST and Ben hammered out a while back, that would make things that
much more secure. Though I don't know that the latter solution needs
to go into 1.2 to make me feel comfortable about this.







