httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: cvs commit: apache-2.0/src/modules/mpm/winnt winnt.c
Date Mon, 19 Jun 2000 00:04:28 GMT
> From: Daniel S. Reichenbach [mailto:dsr@opensa.org]
> Sent: Sunday, June 18, 2000 3:05 PM
> 
> > suexec is a Unix only thing. It uses User and Group directives (soon
> > to be SuexecUser and SuexecGroup to lessen confusion). These need
> > merging. In addition, there will be data from request processing
>
> Just a question for those Win32 guys: M$ has integrated some similar
> thing to suexec into Win2k, which allows to run programs etc. under
> a different userid. If this function is accessible for programs,
> things would even get uglier. I didn`t find something about it in the
> Platform SDK yet, just stumbled accross it while testing Win2k.

I think alot of Winnt folk are looking down this direction.  Frankly, 
I don't trust using the M$ binaries beyond the Win32 API in Apache... 
I agree with the general Apache community that security that can be 
audited by everyone is healthy.  That executable is best made taboo.

But I'm looking a little deeper, allowing the server to call the
ImpersonateUser functions to layer on security within specific CGI
or web folders.  There are huge ramifacations, I am aware.  The rules
will be -extremely- tight to pull it off.  But I believe it can be
safely done.

To cover the concerns, I believe the natural unix behavior (without
enabling suexec) could be a crossplatform-no impersonation base model.
The unix suexec or suexec/Win32 would each be their own beasts, with
the additional code to handle this security.  Unix probably wouldn't
change much, but several different unix thread/process mpm's could
probably share the same suexec module.  Win32's would look entirely
different, of course, but retain as much in common with the rules,
behaviors and config directives of suexec.


Mime
View raw message