Subject AW: PHP and other security problems - a solution idea
Date Tue, 23 Apr 2002 10:07:47 GMT
> 1. In order to do the setuid, the server would need to be running as 
> root during the request processing phase.  Any bug in Apache request 
> processing would then open an instant root hole.

Yes, that's a major problem.

> 2. If you setuid in such a way that you can get back to the original 
> root id, then there is no way to prevent your cgi/php script from also 
> getting back to the original root id.  In other words, to do this 
> safely, you need to completely give up the original privileges.  Then 
> the process would need to die after serving the request.  This would 
> make for an incredibly slow server.

Obviously. I was under the - as it seems mistaken - impression that when
the setuid'd process forks again (i.e. executes a CGI or an exec' command
from PHP), it will inherit the EFFECTIVE, i.e. the dropped/user UID, not
the real (root) one.

> If you have enough resources, you can get a similar effect now by just 
> running separate copies of apache for each user.

Not an option with several thousand users/domains. :)
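
The difference between a temporary and a permanent UID drop, as raised in point 2 of the thread, shown as an added C example that is not part of the original messages. The function names and the sample UID 1000 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the Unix rule: a process whose effective UID is not 0 may still
 * set its effective UID to its real or saved UID. fork() copies all three
 * IDs and execve() of a non-setuid binary keeps the real UID, so a child
 * (CGI, PHP exec) is in the same position as its parent. */
int root_recoverable(uid_t ruid, uid_t euid, uid_t suid)
{
    return ruid == 0 || euid == 0 || suid == 0;
}

/* Permanent drop, to be called while still root. Order matters: groups
 * first, then GID, then UID, because after setuid() the process can no
 * longer change its groups. Returns 0 only if root is verifiably gone. */
int drop_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;                  /* not a drop at all */
    if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;          /* real, effective, saved GID */
    if (setuid(uid) != 0) return -1;          /* as root: real, effective, saved UID */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (setuid(0) == 0) return -1;            /* regaining root must fail */
    return 0;
}

int main(void)
{
    /* Constructed (real, effective, saved) triples; 1000 is a sample user. */
    printf("root after seteuid(1000): recoverable=%d\n",
           root_recoverable(0, 1000, 0));
    printf("root after setuid(1000):  recoverable=%d\n",
           root_recoverable(1000, 1000, 1000));
    return 0;
}
```

After `drop_permanently()` succeeds the process cannot serve a request for a different user, which is why the quoted reply says it would have to exit after each request.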

