httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] mod_cgid socket permissions
Date Thu, 20 Oct 2016 12:03:28 GMT
On Thu, Oct 20, 2016 at 5:06 AM, Lukas Erlacher <> wrote:
> Now, getting back to the statement in the apache docs: Is this a security
> violation / vulnerability? What can an attacker do with that socket other
> than execute arbitrary programs on the machine using their own permissions
> (plus www-data group)? They can already do that by virtue of being able to
> place arbitrary cgi scripts in their userdirs.

Presumably they could block your CGI scripts, or ask mod_cgid to run
scripts outside of those reachable by any URI.

Note that mod_cgid already chown's the socket to the configured
userid, but not the primary group. This allows the httpd children to
write to it.  I didn't see any info mod_suexec_custom, but suexec
should not be running until long after the socket communication
between httpd and cgid is over.   What talks to cgid in this case that
doesn't have a www-data userid?

Eric Covener

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message