www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: general/985: suggestion: check permissions via os-userbase
Date Mon, 11 Aug 1997 18:10:02 GMT
The following reply was made to PR general/985; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Chris <x@reg.x.camelot.de>
Subject: Re: general/985: suggestion: check permissions via os-userbase
Date: Mon, 11 Aug 1997 12:00:22 -0600 (MDT)

 
 On Mon, 11 Aug 1997, Chris wrote:
 
 > hi!
 > 
 > > Synopsis: suggestion: check permissions via os-userbase
 > 
 > > It is far more complicated than you make out to do so.
 > 
 > i hope you're wrong... :)
 
 We have looked at this quite closely.
 
 > 
 > > You then need to trust your web server with root and
 > > Apache would have to run as root.  That isn't acceptable.
 > 
 > it's absolutely no doubt that the httpd shouldn't run as root, but
 > the httpd just had to start an instance of itself with the uid and
 > password given by the user - no need to run as root. this works with
 > a shell with uid != 0 -> call of su -> shell with uid == 0  -  so why
 > shouldn't that work for apache as well? :)
 
 Erm... you don't understand the way Apache works.  We can't just start a
 process as any user we want.  We have to be root.  To know what uid to
 start it as, we have to start serving the request.  That means we have to
 start serving the request as root.  With persistent connections, there can
 be more than one request per connection.  How are we supposed to switch
 uids in the middle of a connection?  We also don't create a new process
 for each request to begin with, since that is horribly inefficient. 
 Apache is a tad more complex than su. 
 
 Or are you trying to claim that Apache should run su?  The fact is that
 things are a _lot_ more complicated than you make out.  Saying "you should
 just be able to do x" is fine, but the problem is that it isn't that easy
 to actually do.
 
 [...]
 > oh, btw, IIS and as i've heard CERN both support this feature... but i
 > like apache quite much and i really dislike the idea to go back to CERN
 > again...
 
 Many programs support many features.  Hey, there is one web server that
 defaults to running all CGIs as root and makes it very difficult to change
 that.  That doesn't mean it is a good idea. 
 
 If you want to implement this, go ahead.  I am simply saying that it is
 not something we will likely be considering in the near future because it
 can not be done safely.
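
The uid-switching constraint described in the reply above, as an added example that is not part of the original message and is not Apache code: on POSIX/Linux an unprivileged process cannot `setuid()` to another user, and a process that has permanently dropped root cannot get it back. The function names, the "other" uid and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* glibc: expose setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run attempt(arg) in a forked child so the caller keeps its own
 * credentials. Returns the child's exit status, or -1 on error. */
static int in_child(int (*attempt)(uid_t), uid_t arg)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(attempt(arg));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

static int do_setuid(uid_t target) { return setuid(target) == 0 ? 0 : errno; }

/* Permanently drop root (if we have it), then ask for uid 0 again.
 * 0 = regain refused, 1 = regain succeeded, 2 = the drop itself failed. */
static int do_drop_then_regain(uid_t unpriv)
{
    if (geteuid() == 0 && (setgroups(0, NULL) != 0 ||
        setgid((gid_t)unpriv) != 0 || setuid(unpriv) != 0))
        return 2;
    return setuid(0) == 0 ? 1 : 0;
}

/* 0 if the child could switch to target, otherwise errno from setuid(). */
int switch_uid_in_child(uid_t target) { return in_child(do_setuid, target); }

/* 0 if a worker that dropped to unpriv was refused uid 0 afterwards. */
int regain_root_after_drop(uid_t unpriv) { return in_child(do_drop_then_regain, unpriv); }

int main(void)
{
    uid_t other = getuid() + 1; /* constructed: any uid that is not ours */
    printf("setuid(own uid)        -> %d\n", switch_uid_in_child(getuid()));
    printf("setuid(other uid)      -> %d (0 only with root privilege)\n", switch_uid_in_child(other));
    printf("regain root after drop -> %d (0 = refused)\n", regain_root_after_drop(65534));
    return 0;
}
```

Run as an ordinary user, the second call fails (EPERM on Linux), so a worker that chooses its uid per request would have to hold root while it reads that request.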
 