httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: Question for the development team
Date Wed, 13 Aug 1997 20:26:15 GMT
suEXEC currently doesn't do a chroot() for CGI execution. There are 
several reasons that we did not take this extra step.

1. chroot() environments are not easy to setup
2. CGI often wants access to other tools outside of the local 
   directory which would make it rather difficult to setup.
  (see item 1)
3. suEXEC already limits execution of CGI to a compiled in 
   DOCUMENTROOT which offers _some_ of the benefit of a chroot() 
   without the hassle.
4. suEXEC runs the CGI as the defined owner of the file. *In 
   Theory* the CGI being executed can only do as much damage as 
   that user has privledges to do.

It is all a matter of degree of risk. In a more hostile 
environment, it may very well be worth making the changes to run in 
a chroot'ed environment.

> >Date: Wed, 13 Aug 1997 10:41:43 -0500
> >From: Ben Miller <>
> >X-Mailer: Mozilla 3.01 (Win95; I)
> >To:
> >Subject: Question for the development team
> >
> >Brian, I got your name from the Apache web site and I'm hoping that you
> >will be able to help answer a question.  I am looking to be able to run
> >CGI scripts in the most secure fasion possible.  I have read all the
> >docs on suEXEC and it seems that there is a major security advantage
> >missing from the apache CGI handling capability.  This may be an
> >intentional ommission but I have to ask.  Is there a way currenlty or in
> >development to have the suEXEC wrapper do a chroot to provide a file
> >system level security for each virtual server.  In other words if they
> >want to put a messy CGI script up and it screws up or is hacked it can
> >only ever affect the directory and files of the virtual server.
> >	Thanks in Advance,
> >		Ben Miller
> >
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL  - -

View raw message