httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: [PATCH] suexec to work with relative paths
Date Thu, 15 Nov 2001 02:12:02 GMT
On Wed, Nov 14, 2001 at 03:45:23PM -0800, Marc Slemko wrote:
> > Implementation Details:
> > 
> >  - Apache forms absolute paths for each of the above suexec pathnames,
> >    even if they are presented in a relative form.
> > 
> >  - The logpath and suexec docroot (not the main docroot) are passed as
> >    new parameters to the suexec call. (This seems OK to me, since we're
> >    already "trusting" the other argv params passed to suexec.)
> 
> NO!
> 
> These things can not be passed on the command line.  That is a gaping
> security hole.  suexec is designed in a very restrictive manner on purpose
> with the assumption that anything passed on the command line is suspect,
> and should be treated as such.  That is why there is a hardcoded 
> docroot, etc.
> 

Hmm...This was my main concern. Is there any way we can make suexec's
docroot relative to the ServerRoot (determined at runtime)? Although
suexec itself protects against it, we probably want to either come up with
a way to support relative paths, or write autoconf code to fail/disable
suexec when relatives paths are specified.

-aaron


Mime
View raw message