httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Bentje <nore...@htp-tel.de>
Subject Re: [users@httpd] Securing cgi (suexec or another solution?)
Date Thu, 05 May 2005 04:58:01 GMT

Hello Christian,

therefore i search a special version of chroot,
searching a while, i find some mods
that don't fit my needs but maybe yours

try cgiwrap

type it in sourceforge.net ... there are only two 
project for choice 

cheers
marc 


Am Don, 2005-05-05 um 01.27 schrieb Christian Ehlers:
> Hello,
> 
>  
> 
> I have a question about securing my cgi scripts with suexec.
> 
>  
> 
> I have successfully setup my apache2 (V.: 2.0.52) with suexec.
> 
>  
> 
> I am trying to accomplish the following goals:
> 
>  
> 
> The cgi script should NOT:
> 
>    run as the apache user.
> 
>    be able to write to itself.
> 
>    be able to create files within it’s directory.
> 
>    be able to write to other cgi scripts in the same directory.
> 
>  
> 
>  
> 
> Unfortunately, suexec seems to require the directory and the cgi to be
> executed to be belonging to the user/group that executes it.
> 
>  
> 
> Is there any way to have suexec not check if the directory/program
> belongs to them?
> 
>  
> 
> I’d prefer to have my script owned by root and running under a normal
> user that is not the apache user.  Is there any way to accomplish this
> with either suexec or another solution?
> 
>  
> 
> Thanks for any help.
> 
>  
> 
> Regards,
> 
>  
> 
>  Chris
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message