www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: mod_env/370: Modified PATH environment variable is not passed, instead system's is used (fwd)
Date Mon, 25 Aug 1997 06:30:02 GMT
The following reply was made to PR mod_env/370; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Subject: Re: mod_env/370: Modified PATH environment variable is not passed, instead system's
is used (fwd)
Date: Mon, 25 Aug 1997 00:21:55 -0600 (MDT)

 
 
 
 ---------- Forwarded message ----------
 Date: Tue, 15 Apr 1997 10:32:00 -0500
 From: "P. Alejandro Lopez-Valencia" <alejolo@ideam.gov.co>
 To: Marc Slemko <marcs@znep.com>
 Subject: Re: mod_env/370: Modified PATH environment variable is not passed, instead system's
is used
 
 
 Quoting: Re: mod_env/370: Modified PATH environment variable is not
 By: Marc Slemko
 Dated: 4/12/97 09:49 -0500 GMT
 
 > Ah, ok, that is worthy of consideration.  I have been trying to get time
 > for a while to think over the whole way it is handled, including
 > documenting a few things.  If no one else beats me to it, I'll look at
 > this when I get time...
 >
 > Thanks.
 >
 > On Sat, 12 Apr 1997, P. Alejandro Lopez-Valencia wrote:
 >
 > > On Sat, 12 Apr 1997, Marc Slemko wrote:
 > >
 > > > On Sat, 12 Apr 1997, P. Alejandro Lopez-Valencia wrote:
 > > >
 > > > > The use of a modified environment PATH is not reflected in the
 > > > > actual $PATH passed to the CGI. It may constitute a security hole
 > > > > as the $PATH used is that of the owner of the parent process (root).
 > > >
 > > > What do you mean "modified path"?  Who is modifying it?  The path should
 > > > be that in effect when the server was started, or some default path if
 > > > there was none.  Generally root's path is reasonably restrictive; if you
 > > > wish to modify it you should be able to use SetEnv or change the path
 > > > before you start httpd.
 > > >
 > >
 > > That is my problem.. I unset the path with UnSetEnv and redefine
 > > it with SetEnv, but the $PATH inherited by the server from root (I am
 > > using /bin/sh5 as its shell) is the one passed to the CGI environment.
 > >
 
 Hi,
 
 You got me thinking and I have come up with a suggestion. What if the path is
 defined internally to a sensible default (say, $APACHE_DIR/bin:/bin),
 the parent process path is ignored and internally assigned?
 
 Like this:
 
 $PATH="blah:blah" # Insecure, comes from root env, ignored.
 $HT_CGI_PATH="blah:blah" # Has a sensible default, can be redefined in srm.conf
 $PATH=$HT_CGI_PATH # Internally the server assigns $HT_CGI_PATH to $PATH.
 
 I guess this would close several possible backdoors.
 
 BTW, I am using the disallow ID module to disable any process spawning
 owned by root or a system user/group, it is not as safe as suexec I
 guess but it works for me.
 
 --
 P. Alejandro López-Valencia                                Ecologist
 Associate, International Center for Tropical Ecology at UM-St. Louis
 mailto:palopez@usa.net
 ***********          Most beautiful just before.          ***********
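Added example, not part of the original message and not Apache's code: one way a server could build the CGI child's environment so that the PATH inherited from the parent (root) process is dropped and a configured or default value is set instead, as the message suggests. The names `build_cgi_env`, `path_is_safe`, `env_get` and `DEFAULT_CGI_PATH`, the install directory and the sample environment are assumptions; the check that every PATH component is absolute goes beyond the suggestion in the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed default, after the "$APACHE_DIR/bin:/bin" idea; the install dir is hypothetical. */
#define DEFAULT_CGI_PATH "/usr/local/apache/bin:/bin"
/* Constructed sample of what a server started by root might inherit. */
static char *const SAMPLE_PARENT_ENV[] = { "PATH=/root/bin:.:/sbin", "TZ=UTC", NULL };

/* Accept a search path only if every component is absolute and non-empty. */
static int path_is_safe(const char *p) {
    if (!p || !*p) return 0;
    while (*p) {
        if (*p != '/') return 0;                 /* relative or empty component */
        p += strcspn(p, ":");
        if (*p == ':' && *++p == '\0') return 0; /* trailing ':' means current dir */
    }
    return 1;
}

/* Build the child's envp: the parent's PATH is dropped, other entries are borrowed
 * (not copied), and PATH is set from the configured value or the default. */
char **build_cgi_env(char *const parent[], const char *configured) {
    const char *path = path_is_safe(configured) ? configured : DEFAULT_CGI_PATH;
    size_t n = 0, out = 0, len;
    while (parent[n]) n++;
    char **env = calloc(n + 2, sizeof *env);     /* +1 for PATH, +1 for the NULL end */
    if (!env) return NULL;
    for (size_t i = 0; i < n; i++)
        if (strncmp(parent[i], "PATH=", 5) != 0) env[out++] = parent[i];
    len = strlen(path) + sizeof "PATH=";
    if (!(env[out] = malloc(len))) { free(env); return NULL; }
    snprintf(env[out], len, "PATH=%s", path);
    return env;                                  /* suitable as execve()'s envp */
}

/* Look up NAME in an envp-style array; returns its value or NULL. */
const char *env_get(char **env, const char *name) {
    size_t k = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, k) == 0 && (*env)[k] == '=') return *env + k + 1;
    return NULL;
}

int main(void) {
    char **env = build_cgi_env(SAMPLE_PARENT_ENV, ".:/bin"); /* unsafe, default is used */
    if (!env) return 1;
    printf("PATH=%s\n", env_get(env, "PATH"));
    return 0;
}
```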
 
 
