From Jille Timmermans <ji...@quis.cx>
Subject User/group security without CGI (SuEXEC)
Date Mon, 05 May 2008 11:26:40 GMT

Hello hackers!

I was thinking of creating a more secure environment for running
web scripts (mod_php in my case):
I want to run PHP scripts as their owner.

I thought of the following schemes:
http://junk.quis.cx/fViKmLRi/apache-user-scheme-p1.png
http://junk.quis.cx/bPkxwAbI/apache-user-scheme-p2.png

And a setting:
ExecutiveUser %n # This should run php scripts as $script-owner
ExecutiveUser www-%n # this should run php scripts as www-$scriptowner
ExecutiveGroup www
ExecutiveGroup www-%n
(%n meaning the script owner's username, and e.g. %u for the script owner's uid)

This would (e.g.) enable me to:
quis@istud:~# id
uid=1000(quis) gid=1000(users) groups=1000(users),10000(www-quis)
quis@istud:~# id www-quis
uid=10000(www-quis) gid=10000(www-quis) groups=10000(www-quis)
quis@istud:~# chown quis:www-quis public_html
quis@istud:~# chmod 750 public_html

So only 'my' apache-runas user can access my scripts.

What do you think about this idea?
It does decrease the performance a bit (Workers should parse the
request, put it in some shm, and the Executive should pick it up from the shm
and really run the PHP script; see the links above for the terms Worker
and Executive).
But if the option is not specified it is possible to do it 'the old way'.
Would it be possible to implement this as an MPM, or a MOD?
(I don't know enough (yet) about apache to say.)
If that is possible there is no loss when it is disabled.

-- Jille Timmermans
PS: Feel free to shoot me or my idea, or give suggestions for improving it.
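The ExecutiveUser/ExecutiveGroup pattern expansion and the privilege drop the Executive would have to perform before running a script, as an added C example that is not part of the original post or of httpd. expand_runas, runas_equals and drop_to_script_owner are hypothetical helpers; the www-%n mapping and the uid 1000 used in the self-check follow the post's own sample layout.

```c
#define _DEFAULT_SOURCE          /* for setgroups() in <grp.h> on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <pwd.h>
#include <sys/stat.h>

/* Expand an ExecutiveUser/ExecutiveGroup pattern: "%n" becomes the script
 * owner's username, "%u" the owner's uid. Returns 0, or -1 if out is too small. */
int expand_runas(const char *pattern, const char *owner, uid_t uid,
                 char *out, size_t outlen) {
    size_t pos = 0;
    for (const char *p = pattern; *p; p++) {
        int n;
        if (*p == '%' && p[1] == 'n') {
            n = snprintf(out + pos, outlen - pos, "%s", owner); p++;
        } else if (*p == '%' && p[1] == 'u') {
            n = snprintf(out + pos, outlen - pos, "%lu", (unsigned long)uid); p++;
        } else {
            n = snprintf(out + pos, outlen - pos, "%c", *p);
        }
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
    }
    return 0;
}

/* Self-check helper: 1 if pattern expands exactly to expected, else 0. */
int runas_equals(const char *pattern, const char *owner, uid_t uid, const char *expected) {
    char buf[64];
    return expand_runas(pattern, owner, uid, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

/* The Executive's privilege drop: map the script's owner through both patterns,
 * refuse root or unknown identities, then setgroups -> setgid -> setuid (setuid
 * must come last, or the gid could no longer be changed). 0 on success, -1 otherwise. */
int drop_to_script_owner(const char *script, const char *user_pat, const char *group_pat) {
    struct stat st;
    char uname[64], gname[64];
    if (stat(script, &st) != 0 || st.st_uid == 0) return -1;   /* never run as root's files */
    struct passwd *owner = getpwuid(st.st_uid); if (!owner) return -1;
    if (expand_runas(user_pat, owner->pw_name, st.st_uid, uname, sizeof uname) != 0 ||
        expand_runas(group_pat, owner->pw_name, st.st_uid, gname, sizeof gname) != 0) return -1;
    struct passwd *pw = getpwnam(uname);
    struct group *gr = getgrnam(gname);
    if (!pw || !gr || pw->pw_uid == 0 || gr->gr_gid == 0) return -1;
    if (setgroups(1, &gr->gr_gid) != 0 || setgid(gr->gr_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return 0;
}
```

With the post's layout (public_html owned by quis:www-quis, mode 750), a script run after drop_to_script_owner(path, "www-%n", "www-%n") is inside www-quis and can read the directory, while any other user's Executive identity is denied.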
