httpd-dev mailing list archives

From Oezguer Kesim <kesim-apa...@math.fu-berlin.de>
Subject Re: Contribution: SuEXEC Options
Date Sun, 15 Nov 1998 18:16:45 GMT
Thus spake Jim Jagielski (jim@jaguNET.com):

> My only comment on suEXEC is that, IIRC, it was designed to be as small
> and as "light" as possible. Sure, that made it somewhat restrictive and
> "less powerful" but easier to check out, security-wise. 

I know why suEXEC is built the way it is.  But I'm not talking about
`power', I'm talking about the necessary condition for our site to
start using Apache.

And, hey, I'm not going to write a sendmail-like thing; we are talking
about software which has no special data structure, not more than three
functions, about four places where a ?alloc occurs, about four places
where a snprintf or strncmp occurs, and which almost everywhere says
"log_error(); exit();".  We _can_ test it.

It would be quite different to set httpd setuid root -- I don't ask for
that (No, no, no).

> If a hole exists in suEXEC, it gets placed right on Apache's door step,
> and that's another reason why it was designed the way it was: to reduce
> that possibility.  To increase the "power" and hence complexity of suEXEC
> does open Apache to just this scenario.

Well, if someone compiles suEXEC with MAX_UID==0, and another exploits it,
the same thing will happen.  But it is not suEXEC's or Apache's fault.

> How about having these patches under 'contrib' or something a little
> bit more "removed" from the official source? There are other third-party
> programs (the best IMO being 'cgiwrap') which provide the extended capability
> and maybe this could be suEXEC+, which would also be 3rd party.

OK, the only thing I want to see in Apache is the possibility to say per
<Directory>:  Option SuExec.

The rest is up to whatever wrapper is used.

cheers,
  oec
