Date: Sun, 8 Feb 1998 14:26:25 +0000 (GMT)
From: Rob Hartill
To: Apache Group
Subject: followup to PR#1191, setlogin() is not called, causing problems with e.g. identd (fwd)

---------- Forwarded message ----------
Date: 06 Feb 1998 16:13:03 -0800
From: Matt Braithwaite
To: apache-bugs@apache.org
Subject: followup to PR#1191, setlogin() is not called, causing problems with e.g. identd

i couldn't figure out how to *add* to an existing PR, so maybe somebody
can just paste this into 1191 for me. :-)

another context in which the setlogin problem occurs is this. fastmail
calls getlogin to determine the default envelope sender of mail that it
sends. in our environment, which is suexec under apache 1.2 on BSDI 3.1,
if user `foo' su's (not su -'s) to root, fastmail when run by a CGI will
get `foo' from getlogin. this is clearly wrong; getlogin should return
the name of the user that the CGI is running as.

note that BSDI's getlogin does not operate via any of the numerous hacks
available, but by storing a string in a per-session data structure (i'm
assuming). i infer this from the fact that i can setlogin to a
nonexistent username.

problems:

1) httpd should setlogin to the name of the user, because it makes a
   guarantee to run as a particular user.

2) *especially*, suexec should setlogin to the name of the user owning
   the CGI, because it absolutely should not permit any uncontrolled
   aspects of the environment to leak through.

the PR comments:

> This is almost certainly not going to be changed for 1.3, since the
> setlogin() routine isn't available on all platforms.

i think this is ill-advised. on the platforms where setlogin is
available, it defines an aspect of the environment that should be
controlled.

--
Matthew Braithwaite
A-Link Network Services, Inc. 408.720.6161 http://www.alink.net/

Then, O my beauty! tell the vermin / Who will devour you with kisses,
That I have kept the form and the divine essence / Of my decomposed loves!
---Baudelaire
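
The privilege drop this message asks for, as an added example that is not part of the forwarded mail and is not Apache's or suexec's code: a wrapper that starts a new session and sets the session login name before giving up root, so getlogin() in the child reports the target user. The names run_as, become_and_exec and the RUN_* codes are hypothetical, and the platform list guarding setlogin() is an assumption.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
    defined(__DragonFly__) || defined(__APPLE__)
#define HAVE_SETLOGIN 1 /* assumption: BSD-derived systems provide setlogin(2) */
#endif

enum { RUN_NO_USER = -1, RUN_NOT_ROOT = -2, RUN_FORK_FAILED = -3 };

/* Child side: take on every aspect of the target identity, then exec. */
static void become_and_exec(const struct passwd *pw, char *const argv[])
{
    /* New session first: the login name is per-session state, so changing
     * it without setsid() would also change it for the parent's session. */
    if (setsid() == (pid_t)-1) _exit(111);
#ifdef HAVE_SETLOGIN
    /* Must happen while still root; setlogin() is restricted to the superuser. */
    if (setlogin(pw->pw_name) != 0) _exit(112);
#endif
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) _exit(113);
    if (setgid(pw->pw_gid) != 0) _exit(114);
    if (setuid(pw->pw_uid) != 0) _exit(115);
    /* Refuse to continue if root can be regained. */
    if (pw->pw_uid != 0 && setuid(0) == 0) _exit(116);
    execv(argv[0], argv);
    _exit(117); /* exec failed */
}

/* Run argv as `user`. Returns the child's wait status, or a RUN_* error. */
int run_as(const char *user, char *const argv[])
{
    const struct passwd *pw = getpwnam(user);
    if (pw == NULL) return RUN_NO_USER;
    if (geteuid() != 0) return RUN_NOT_ROOT;

    pid_t pid = fork(); /* a forked child is never a group leader, so setsid() works */
    if (pid < 0) return RUN_FORK_FAILED;
    if (pid == 0) become_and_exec(pw, argv);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return RUN_FORK_FAILED;
    return status;
}
```

On platforms without setlogin() the guard compiles the call out and the rest of the drop is unchanged.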