httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Carmack <kar...@karmak.org>
Subject Re: Removing an suexec check
Date Tue, 14 May 2002 04:12:50 GMT
On Fri, May 10, 2002 at 07:40:06AM -0700, Joshua Slive wrote:
> 
> I think you are missing an important point.  Again, consider the case
> where someone compromises the apache userid.  Then they would have
> available to them a program (suexec) that could run any accessible program
> under any userid they wanted.  This would likely allow them to quickly
> compromise any userid on the system.

I see your point.

Suppose I'm in a virtual hosting environment, where I set the User and
Group directives for every request, causing all of the vhosts (including
the default <VirtualHost *>) to run under a unique User/Group, none of
which are the apache User/Group. Furthermore, access to CGI outside the
each vhost's document root is prohibited by default, so only those CGI
scripts that have been explicitly requested will be available to any
given vhost.

Can you think of a way (short of a unknown software glitch) that this
environment can be exploited if the suexec uid/gid/suid/sgid checks are
skipped? If I understand things correctly, with this setup CGI should 
never be executed under the Apache UID/GID (preventing arbitrary suexec
calls), and CGI will only be run under a vhost UID when explicitly
requested (preventing execution of insecure code).

m.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message