httpd-dev mailing list archives

From "Steinar H. Gunderson" <se...@samfundet.no>
Subject Re: mpm-itk and upstream Apache, once again
Date Mon, 23 Jul 2012 10:40:03 GMT
On Sun, Jul 22, 2012 at 09:57:18PM +0200, Stefan Fritsch wrote:
> And if it gets secured to where a code execution exploit does not grant
> full root rights, I would probably be in favor of including it with httpd.

I took a look at using seccomp for this, and it would seem it is actually
rather hard; you can limit setuid() and setgid() easily enough to a range
(so that you'd typically exclude root, daemon and other low-uid stuff),
but setgroups() takes in a pointer of supplementary gids to add. I can't find
any good ways of looking into that list, so it would seem a rogue process
could arbitrarily add any gid (like, 0) to its list.

So it seems to be hard to properly restrict gid, but maybe restricting uid
would already give a significant win?

/* Steinar */
-- 
Homepage: http://www.sesse.net/
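
An added illustration of the limitation described in this message, not code from the post or from mpm-itk: a classic-BPF seccomp filter that range-checks the setuid() argument but sees only the length and the address of the setgroups() list, so it permits only an empty list. The uid range, the policy of allowing only `setgroups(0, ...)`, and the user-space evaluator `run_filter` (used so the verdicts can be checked without installing the filter) are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define UID_MIN 1000u   /* hypothetical lowest uid a worker may switch to */
#define UID_MAX 59999u  /* hypothetical highest uid a worker may switch to */
#define ARG0 offsetof(struct seccomp_data, args) /* low 32 bits of arg 0, little-endian */
#define DENY (SECCOMP_RET_ERRNO | EPERM)

/* A filter that is actually installed must also check seccomp_data.arch first. */
static const struct sock_filter filter[] = {
    /*0*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    /*1*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_setuid, 1, 0),     /* -> 3 */
    /*2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_setgroups, 3, 5),  /* -> 6, else allow */
    /*3*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0),                  /* the uid is a plain value */
    /*4*/ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, UID_MIN, 0, 4),        /* below range -> deny */
    /*5*/ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, UID_MAX + 1, 3, 2),    /* above range -> deny */
    /*6*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0),                  /* list length */
    /*7*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 1),  /* args[1] is an address BPF cannot follow */
    /*8*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /*9*/ BPF_STMT(BPF_RET | BPF_K, DENY),
};

/* Evaluates, in user space, only the classic-BPF opcodes used by the filter above. */
static uint32_t run_filter(const struct sock_filter *f, const struct seccomp_data *d) {
    uint32_t a = 0;
    for (size_t pc = 0;; pc++) {
        uint32_t k = f[pc].k;
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:  memcpy(&a, (const char *)d + k, 4); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += a == k ? f[pc].jt : f[pc].jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += a >= k ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K:           return k;
        default:                        return SECCOMP_RET_KILL;
        }
    }
}

/* Verdict for one syscall; arg1 is the gid-list pointer in the setgroups() case. */
static uint32_t decide(long nr, uint64_t arg0, uint64_t arg1) {
    struct seccomp_data d = { .nr = (int)nr, .args = { arg0, arg1 } };
    return run_filter(filter, &d);
}

int main(void) { return decide(SYS_setuid, 0, 0) == DENY ? 0 : 1; }
```

The verdict for `setgroups(1, ptr)` is the same for any `ptr`, because the filter receives the address and never the gids stored there.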

