httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Bloom <...@raleigh.ibm.com>
Subject RE: different users under Apache?
Date Tue, 17 Aug 1999 17:04:59 GMT

There are a lot of issues involved in doing this.  Currently, virtual
hosts are not tied to any particular child process.  For this to work
reliably cross-platform, they would have to be.  This is because some
Unix's allow any user process to change it's uid to any other user.  Other
Unix's do not allow this.  Only priviledged users can change to another
uid.

While this is an interesting idea, it is not really feasable, IMO.

Ryan

On Tue, 17 Aug 1999, John Wojtowicz wrote:

> At 06:28 PM 8/16/99 +0530, you wrote:
> >Yes, I agree Martin, I am marking it to new-httpd for
> >further dicussion/implementation.
> >
> >In brief, to new-httpd:
> >	Martin wants the virtual hosts to be able to run as different 
> >	system users (other than the main server User), not only for 
> >	script execution(with suEXEC) but ALSO for normal file access.
> >
> 
> This is definitely an interesting concept, however, I don't know if it
> is more secure.  Correct me if I'm wrong but the basis for security that 
> currently exists in Apache is based on the fact that
> the listening processes are not executing as root.
> 
> To do what you're proposing in the simplest manner would likely require 
> the listening processes to be exec()'d as root.  This would probably
> not be an acceptable solution. 
> 
> Or the listening processes would have to ONLY service one particular
> ip/port pair.  Again, correct me if I'm wrong but, this would
> probably require a big change to the code that handles making the 
> children processes.
> 
> And this all ignores any thing you might want to do with listening 
> threads in the future.  Which would probably make dealing with
> different process UID's trickier.
> 
> All this is a bit easier to secure up, when you're working on a 
> "Trusted" Unix OS, (which handles privileges differently than 
> "conventional" Unix Systems).  But thats a whole other story.
> I've actually ported Apache to Trusted Solaris 2.5.1, and have secured
> it up quite well by modifying it to take advantage of
> network labels, and the principle of least privilege.  
> 
> Owell just some thoughts on Apache security and running different
> vhosts as different users.
> 
> John
> 
> 
> --
> John Wojtowicz, Secure Systems Engr.  ph:    (703) 318-7134
> Trusted Computer Solutions, Inc.      fax:   (703) 318-5041
> 13873 Park Center Rd. Suite 225       email: jwojtowicz@tcs-sec.com
> Herndon, VA  20171                    http://www.tcs-sec.com/
> 

_______________________________________________________________________
Ryan Bloom		rbb@raleigh.ibm.com
4205 S Miami Blvd	
RTP, NC 27709		It's a beautiful sight to see good dancers 
			doing simple steps.  It's a painful sight to
			see beginners doing complicated patterns.	


Mime
View raw message