httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allan Liska <al...@allan.org>
Subject [PATCH] security_tips.html
Date Thu, 04 Oct 2001 03:02:42 GMT

I have incorporated the suggestions made by Joshua, and I am resubmitting
this patch for discussion.  Again, any feedback is greatly appreciated, as
it helps me get a better feel for what is expected going foward.

Thanks!

allan



Index: httpd-docs-1.3/htdocs/manual/misc/security_tips.html
===================================================================
RCS file: /home/cvspublic/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.25
diff -u -r1.25 security_tips.html
--- httpd-docs-1.3/htdocs/manual/misc/security_tips.html	2001/10/02 15:40:07	1.25
+++ httpd-docs-1.3/htdocs/manual/misc/security_tips.html	2001/10/04 03:06:02
@@ -95,15 +95,46 @@

     <h2><a id="ssi" name="ssi">Server Side Includes</a></h2>

-    <p>Server side includes (SSI) can be configured so that users
-    can execute arbitrary programs on the server. That thought
-    alone should send a shiver down the spine of any sys-admin.</p>
+    <p>Server Side Includes (SSI), present a server administrator with
+    several potential security risks.</p>
+
+    <p>
+    The first risk is the increased load on the server.  All SSI-enabled
+    files have to be parsed by Apache, whether or not there are any SSI
+    directives included within the file.  While this load increase is
+    minor, in a shared server environment it can become significant.</p>
+
+    <p>
+    SSI files also pose the same risks that are associated with CGI scripts
+    in general.  Using the "exec cmd" element, SSI-enabled files can execute
+    any CGI script or program that is owned by same userid as the user and
+    group configured in httpd.conf.  That should definitely give server
+    administrators pause.</p>

-    <p>One solution is to disable that part of SSI. To do that you
-    use the IncludesNOEXEC option to the <a
-    href="../mod/core.html#options">Options</a> directive.</p>
+    <p>
+    There are ways to enhance the security of SSI files, while still taking
+    advantage of the benefits they provide.</p>

-    <p></p>
+    <p>To decrease the amount of damage a wayword SSI file can cause a
+    server administrator can enable <a href="../docs/suexec.html"
+    >suexec</a>.  Suexec provides several levels of protection for a
+    server. It limits the users who can execute CGI scripts or programs
+    on the server (by restricting access only to the user and group defined
+    in httpd.conf).  Suexec also checks to ensure all parsed files meet
+    its security standards prior to execution.
+
+    <p>
+    Enabling SSI for files with .html or .htm extensions is probably a bad
+    idea.  This is especially true in a shared, or heavily
+    trafficked, server environment.  SSI-enabled files should have a
+    separate extension, such as the conventional .shtml.  This helps keep
+    server load at a minimum, and increases security.</p>
+
+
+    <p>Another solution is to disable the #exec element within SSI. To do
+    this replace Options Includes with Options IncludesNOEXEC within the
+    <a href="../mod/core.html#options">Options</a> directive.</p>
+
     <hr />

     <h2><a id="nsaliasedcgi" name="nsaliasedcgi">Non Script Aliased




-- 
Allan Liska
allan@allan.org
http://www.allan.org


---------------------------------------------------------------------
To unsubscribe, e-mail: apache-docs-unsubscribe@apache.org
For additional commands, e-mail: apache-docs-help@apache.org


Mime
View raw message