httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Shea <s...@gtsdesign.com>
Subject RE: suexec: lstat vs stat
Date Fri, 12 Mar 1999 04:37:50 GMT
On Thu, 11 Mar 1999, David Harris wrote:
> If you are customizing the execution of the CGI scripts, why are you
> modifying the main/util_script.c?

I presume you're looking at the patches for 1.2b3?  That version of
the patches creates new directives UserId and GroupId implemented
by mod_cgi.  That information is passed to the hacked suexec, which
in turn makes (I hope) all the necessary checks to see if this is
a reasonable request, then runs the programs as the desired user.
I was following the model of mod_sugid, which I used to use.  With
the advent of suexec, the mod_sugid author stopped issuing releases,
and I hacked up something that would take its place.

I can't remember what the later versions of the patches do, but I
supsect aobut the same thing.  There's a config file to double check the
user/group id requests.  So far the only way I've been able to think
of to get the flexibility I want, without hacking Apache code in such
a way that Apache could be implicated in security problems as
a result of holes in the new suexec code, is to use no information
whatsoever from Apache.  I haven't implemented that approach yet,
as I have preferred integrating as much as possible into the regular
Apache config file.

> Just modify suexec to ignore the passed user and group names and decide on
> whatever criterion you want. The API between Apache and suexec is well
> defined and has been constant. One only has to provide a dummy user or group
> directive in a virtual host to trigger the use of suexec by util_script.c.

A workable idea.

Is that what you're doing?  You trigger suexec (well, your faux suexec ;)
when you need it, but use only the filename and file ownerships
to determine what actions to take?  You're living within the suexec
API, basically?

I'm not crazy about the semi-hacky nature of providing a bogus directive
in order to trigger the desired behavior, but would be happy enough
with a directive that had the same effect and also made sense in English!
Shouldn't be too hard to implement, either.

>  - David Harris
>    Principal Engineer, DRH Internet Services


Mime
View raw message