httpd-dev mailing list archives

From: Aidan Cully <ai...@panix.com>
Subject: Re: [PATCH] "responsible party" for requests.
Date: Fri, 07 May 1999 20:29:21 GMT

On Thu, May 06, 1999 at 05:46:04PM, Raymond S Brand said:
> Aidan Cully wrote:
> > 
> > In an effort to make this a slightly easier discussion for people
> > to get involved in, let me explain what the SuEXEC-related changes
> > are supposed to do..
> > 
> ...
> > 
> > I'd like to know that I solved this PR in a good way..  Can
> > someone else that uses SuEXEC please look at the patch?
> > 
> 
> I use suexec and, at a previous employer, needed something similar
> to what you seem to be wanting to do. I've looked at the patch,
> though not tried it.
> 
> Current Apache/suexec behavior is to execute the CGI as User:Group
> from the config files or as UID:GID of the user from the passwd file.
> 
> The patched behavior adds execution as UID:GID of the file to execute.
> The difference is the GIDs and the new behavior is a setGID script.
> This I see as a security hole.

I've thought about this argument, and I don't think I buy it..  If a
file ever gets created that's owned by the user, and in a group the
user isn't in, there's already a security hole..  The user can already
chmod g+s on the file, and then call the setgid script from another
script since SuEXEC doesn't like setid.

And, of course, if the server isn't configured with this directive,
behaviour shouldn't change.

--aidan
-- 
Aidan Cully       "Specialists without spirit, sensualists without heart;
Panix Staff        this nullity imagines that it has attained a level of
aidan@panix.com    civilization never before achieved."   -- Goethe
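
The disagreement above turns on files whose group is one their owner does not belong to, and on set-id bits under the CGI tree. The following audit is an added example, not part of either message or of the patch under discussion. It lists such files so an administrator can review them before the server is configured to run CGIs as the file's UID:GID. The function names and finding labels are hypothetical, and group membership is read from the local passwd and group databases.

```python
import os
import pwd
import grp
import stat

def owner_groups(uid):
    """GIDs the account with this UID belongs to (primary + supplementary)."""
    pw = pwd.getpwuid(uid)  # raises KeyError if the UID has no passwd entry
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem)
    return gids

def classify(mode, uid, gid, groups_of=owner_groups):
    """Return findings for one file, given its st_mode, st_uid and st_gid."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setid-bit")       # suEXEC refuses these targets
    try:
        if gid not in groups_of(uid):
            findings.append("foreign-group")  # owner is not in the file's group
    except KeyError:
        findings.append("unknown-owner")   # UID has no account on this host
    return findings

def audit(root, groups_of=owner_groups):
    """Walk root and return [(path, findings)] for every flagged file."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            findings = classify(st.st_mode, st.st_uid, st.st_gid, groups_of)
            if findings:
                flagged.append((path, findings))
    return flagged

if __name__ == "__main__":
    import sys
    for path, findings in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(",".join(findings), path)
```
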
