httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] mod_cgid socket permissions
Date Thu, 20 Oct 2016 12:03:28 GMT
On Thu, Oct 20, 2016 at 5:06 AM, Lukas Erlacher <erlacher@in.tum.de> wrote:
> Now, getting back to the statement in the apache docs: Is this a security
> violation / vulnerability? What can an attacker do with that socket other
> than execute arbitrary programs on the machine using their own permissions
> (plus www-data group)? They can already do that by virtue of being able to
> place arbitrary cgi scripts in their userdirs.

Presumably they could block your CGI scripts, or ask mod_cgid to run
scripts outside of those reachable by any URI.

Note that mod_cgid already chown's the socket to the configured
userid, but not the primary group. This allows the httpd children to
write to it.  I didn't see any info mod_suexec_custom, but suexec
should not be running until long after the socket communication
between httpd and cgid is over.   What talks to cgid in this case that
doesn't have a www-data userid?


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message