httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bannister <is...@c8h10n4o2.org.uk>
Subject Re: Feedback needed: suexec different-owner patch
Date Sat, 19 Mar 2016 17:20:17 GMT
On 19 March 2016, monttyle@heavyspace.ca wrote:
>Since its been a while since this issue was mentioned, this patch
>allows 
>Apache to suexec files by a different (but still restricted by UID) 
>owner, to avoid the security issue where apache forces you to suexec to
>files it has full chmod access to.


That patch builds on what I'd consider as a legacy feature. I have not used suexec for a long
time: it is risky, and on the one recent-ish occasion when I wanted something like suexec,
I also wanted to chroot() / jail() / otherwise separate the CGI application from the main
system.

httpd's users do sometimes need to have web content served using processes that have different
privileges to httpd, and perhaps are also isolated from one another. suexec achieves some
of this albeit not well.
It feels to me as if some kind of FastCGI process manager, combined with a privileged helper,
could be used to fill the gap that mpm_itk and suexec don't completely cover.

I'll add to my To Do list (and maybe also Bugzilla) a task to see what already exists and
document how to use that in place of suexec.
If nothing out there already works, then my idea is to code that up as well.

I wish I could say when I might get round to that, but the way if these things is that it's
easy to start this kind of task and rather more difficult to complete them.

As to whether to take the suggested patch: +0. I don't think it will make things worse; however,
I don't feel qualified to comment on security-critical code.

Tim


-- 
Tim Bannister – isoma@c8h10n4o2.org.uk

Mime
View raw message