httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [RFC} mod_suexec... changing the ap_hook_get_suexec_identity
Date Tue, 06 Aug 2002 15:11:06 GMT
On Tue, 6 Aug 2002, Ian Holsman wrote:

> >>affected files would be modules/generators/mod_suexec.c
> >>&
> >>unixd/unixd.c both of which have the server-rec.
> >>
> >>this change is to allow other things to start suexec'd things at
> > 
> > startup.
> > 
> > Why do you want to be able to start other suexec'd things at startup?
> > Wouldn't the security model for SuExec make this complex?  For example,
> > the program being run must be within the Apache web space.  Why would
> > you want to run a program in that space at startup?
> > 
> for FastCGI.
> it needs to spawn some procs which do CGI. so it suExec's the program 
> which sits there for all the requests to use.

But I don't think you want to use SuExec for this.  This problem is that
the FastCGI binary would have to be in the Apache web space, which means
that a well formed request could actually launch another copy of the
FastCGI daemon.

I think you are better off having code in the binary that gets the
user/group from the Apache binary (probably passed on the command line),
and have the binary do the setuid itself.  This also has the advantage
that when you aren't running Apache as root, the FastCGI binary most
likely doesn't have the permission required to do a setuid, but since you
are already running as the correct user, you are okay.

Ryan Bloom               
550 Jean St
Oakland CA 94610

View raw message