From Dale Ghent <>
Subject Re: [PATCH] security - run mod_cgid's daemon under same user as Apache
Date Wed, 07 Jun 2000 20:47:02 GMT
On Wed, 7 Jun 2000, Jeff Trawick wrote:

| 3) create the af_unix socket as /tmp/cgisock after changing from root, with
|    permissions rw------- so that no local users (other than the one httpd runs 
|    as) can cause problems
|    Problems: 
|      depending upon the permissions on /tmp, any local user can remove the
|      socket and thus break cgis (SHOWSTOPPER)

I think most OSes ship with the sticky bit set on /tmp (and at least
Solaris 2.8 sets it on /var/tmp, as well). Perhaps apache could detect
whether this is set when it sets up the unix socket and issue a warning if
sticky isn't set?

|      the socket doesn't live under normal Apache directory structure, which 
|      is sloppy 

I personally would not consider this a major obstacle. I think /tmp is
generally accepted as the place for, well, temporary use. Many other
software suites use /tmp for sockets and named-pipes (BIND/ndc, MySQL,
various OS-specific apps).

In lieu of /tmp, I suppose the next place for the socket would be
$SERVER_ROOT/logs, but with already in there, $SERVER_ROOT/logs
is already turning into something other than a place just to stash access
and error logs.

My thought is to make the default dir /tmp, with an autoconf option for
specifying a different place if the admin prefers.

Perhaps a "$SERVER_ROOT/run" directory or something of the sort for things
like sockets and pid files is in order. blarg.

|      you can't run more than one copy of Apache at once; the second copy 
|      would remove /tmp/cgisock, create a new one, and the first Apache would
|      send CGI requests to the second CGI daemon (SHOWSTOPPER)

Couldn't the socket be made as "/tmp/cgisock.PID"? This would pretty much
ensure that multiple instances get their own socket and leave any others
well alone.
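The three points raised in this message (warn when the socket directory lacks the sticky bit, create the socket rw-------, and suffix the name with the PID so two httpd instances do not clobber each other) fit together in a few lines of C. The following is an added example written for this page; it is not code from the thread or from Apache's mod_cgid, and the function names (dir_needs_sticky_warning, cgisock_path, create_private_cgisock, cgisock_is_private, setup_cgisock, run_self_check) and the scratch directory it creates under /tmp are the example's own assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>

/* 1 if dir is writable by group/other but lacks the sticky bit (any local
 * user could unlink the socket); 0 if that hazard is absent; -1 on error. */
int dir_needs_sticky_warning(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    int others_can_write = (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
    int sticky = (st.st_mode & S_ISVTX) != 0;
    return (others_can_write && !sticky) ? 1 : 0;
}

/* Per-instance name "<dir>/cgisock.<pid>" so two httpds never share a socket. */
int cgisock_path(char *buf, size_t buflen, const char *dir, pid_t pid)
{
    int n = snprintf(buf, buflen, "%s/cgisock.%ld", dir, (long)pid);
    return (n > 0 && (size_t)n < buflen) ? 0 : -1;
}

/* Create a listening AF_UNIX socket at path with mode rw-------.
 * Returns the listening fd, or -1 with errno set. */
int create_private_cgisock(const char *path)
{
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    if (strlen(path) >= sizeof addr.sun_path) { errno = ENAMETOOLONG; return -1; }
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;

    unlink(path);               /* leftover from an earlier run with this same PID */
    mode_t old = umask(077);    /* bind() creates the file; keep it owner-only */
    int rc = bind(fd, (struct sockaddr *)&addr, sizeof addr);
    umask(old);
    /* Set the mode explicitly too; not every system applies umask to sockets. */
    if (rc != 0 || chmod(path, S_IRUSR | S_IWUSR) != 0 || listen(fd, 5) != 0) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return fd;
}

/* 1 if path is a socket with no group/other permission bits, else 0. */
int cgisock_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISSOCK(st.st_mode))
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Warn about the directory, then create the per-PID socket. Returns fd or -1. */
int setup_cgisock(const char *dir, char *path, size_t pathlen)
{
    int warn = dir_needs_sticky_warning(dir);
    if (warn < 0) return -1;
    if (warn)
        fprintf(stderr, "warning: %s is writable by others without the sticky bit; "
                        "any local user can remove the CGI socket\n", dir);
    if (cgisock_path(path, pathlen, dir, getpid()) != 0) return -1;
    return create_private_cgisock(path);
}

/* Self-check on a scratch directory (constructed here, not a real ServerRoot).
 * Returns 0 when every check passes, otherwise the number of the failing step. */
int run_self_check(void)
{
    char dir[] = "/tmp/cgisock-demoXXXXXX";   /* template, filled in by mkdtemp */
    char path[sizeof(((struct sockaddr_un *)0)->sun_path)];
    if (mkdtemp(dir) == NULL) return 1;
    if (chmod(dir, 01777) != 0 || dir_needs_sticky_warning(dir) != 0) return 2; /* sticky /tmp-style: fine */
    if (chmod(dir, 0777) != 0 || dir_needs_sticky_warning(dir) != 1) return 3;  /* world-writable, no sticky: warn */
    if (chmod(dir, 0700) != 0 || dir_needs_sticky_warning(dir) != 0) return 4;  /* private dir: fine */
    int fd = setup_cgisock(dir, path, sizeof path);
    if (fd < 0) return 5;
    int ok = cgisock_is_private(path) && strstr(path, "/cgisock.") != NULL;
    close(fd);
    unlink(path);
    rmdir(dir);
    return ok ? 0 : 6;
}

int main(void)
{
    int rc = run_self_check();
    printf("self-check %s (step %d)\n", rc == 0 ? "passed" : "failed", rc);
    return rc;
}
```

The sticky-bit check only fires when the directory is actually writable by others, so a $SERVER_ROOT/run directory owned by the httpd user with mode 0700 passes silently, while a non-sticky world-writable /tmp produces the warning the message suggests. Setting the mode with chmod after bind covers systems where umask is not applied to socket inodes.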