httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject RE: [Fwd: Re: [RFC} mod_suexec... changing the ap_hook_get_suexec_identity]
Date Wed, 07 Aug 2002 15:08:17 GMT
On Tue, 6 Aug 2002, Rob Saccoccio wrote:

> >  > > Why do you want to be able to start other suexec'd things at startup?
> >  > > Wouldn't the security model for SuExec make this complex?
> > For example,
> >  > > the program being run must be within the Apache web space.  Why would
> >  > > you want to run a program in that space at startup?
> >  > >
> >  > for FastCGI.
> >  > it needs to spawn some procs which do CGI. so it suExec's the program
> >  > which sits there for all the requests to use.
> >
> > But I don't think you want to use SuExec for this.  This problem is that
> > the FastCGI binary would have to be in the Apache web space, which means
> > that a well formed request could actually launch another copy of the
> > FastCGI daemon.
> 
> No, it won't.  Such a request would *use* the spawned FastCGI application.

I don't see how.  If I make a request that resolves to the FastCGI
program, how is the module going to know that it isn't supposed to launch
that program again?

> > I think you are better off having code in the binary that gets the
> > user/group from the Apache binary (probably passed on the command line),
> > and have the binary do the setuid itself.  This also has the advantage
> > that when you aren't running Apache as root, the FastCGI binary most
> > likely doesn't have the permission required to do a setuid, but since you
> > are already running as the correct user, you are okay.
> 
> This is functionality that has been available in mod_fastcgi for years under
> 1.3.

Maybe I am mis-understanding the request.  As I read the request, you are
looking to make the FastCGI binary be created with the SuExec
binary.  That seems gratuitous to me, because there are more secure ways
to do it.

If the request is to allow FastCGI to use SuExec, then yeah I can see the
benefit.

The problem may be my understanding of FastCGI.  I always thought it was
kind of like mod_cgid, except that once the program was up and running it
stayed up.  If it launches the binaries at startup, then your change would
be required, yes.

> If the proposal is going to cause heartburn, I can work around it by
> requiring a user/group be specified with the directive under Apache2.

No heartburn, just trying to understand the issues.

Ryan
_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------


Mime
View raw message