www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: suexec/1346: questionable user promotion (fwd)
Date Sun, 02 Nov 1997 19:40:00 GMT
The following reply was made to PR suexec/1346; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Cc:  Subject: Re: suexec/1346: questionable user promotion (fwd)
Date: Sun, 2 Nov 1997 12:33:45 -0700 (MST)

 ---------- Forwarded message ----------
 Date: Sun, 2 Nov 1997 09:39:08 -0500 (EST)
 From: Bram Kivenko -- XSpace Staff <bram@xspace.com>
 To: marc@hyperreal.org
 Subject: Re: suexec/1346: questionable user promotion
 Okay, well, I understand that suexec is controlled depending on where the
 file is, but there are two problems: 
 (a) in util_script.c, it is possible to execute through an exec with
 	SHELL_PATH instead of SUEXEC_BIN, shell path does not run with the
 	protection of suexec (obviously.)  This allows users to try
 	'nasty' things under the cloak of the webserver user.  It also is
 	inconsistent, I may have a CGI in one location to save private
 	data, but then my SSI cannot retrieve this private data.
 	If the file resides within the web server's domain, then it should
 	execute it as the owner of the (realpath of the) file.  My
 	personal touch also is that if it is not inside the web server's
 	domain it should have sticky bits set (ie indicating that changing
 	ownership isn't a problem anyway.)
 	The theory is, why would someone else's file be in my directory?
 (b) my document root is : "/var/httpd/htdocs", so that my users do not
     have to place a tilde (~) in their URL's, I do :
     "ln -s ~username/public_html /var/httpd/htdocs/username"
     The web server gets confused as it does not realize that the real
     location is /home/username/public_html...  I believe it now backtracks
     realpath's to verify for .htaccess, but I do not believe it backtracks
     to find out the true owner of the directory.
     I realize I am using the web server differently than expected, but
     nonetheless, the user and group id's should be determined through the
     realpath of the file, not the sympath of the file.
 I know asking for (b) to be supported is treading thin, but (a) is
 definitely inappropriate.
 Anyway, I hope you see it from my point of view.  My real problem is that
 if you set suexec then everything should run with suexec.
 On 1 Nov 1997 marc@hyperreal.org wrote:
 > Synopsis: questionable user promotion
 > State-Changed-From-To: open-feedback
 > State-Changed-By: marc
 > State-Changed-When: Sat Nov  1 13:22:00 PST 1997
 > State-Changed-Why:
 > I'm not sure I understand what you are trying
 > to say.
 > The user things run as is supposed to be determined by
 > where the file is.  suexec has two ways of doing things: either it
 > runs them as the user if it is a ~userdir request or it
 > runs them as the User specified in the VirtualHost if
 > it is a VirtualHost.  If not, it does nothing.
 > I'm afraid you will have to explain your problem more.  suexec
 > has a specific security model for specific reasons; while
 > you may want it to work a different way for your needs,
 > that doesn't mean anything is wrong with the way it works.
  Bram Kivenko -- XSpace Owner -- System Manager -- mailto:bram@xspace.com
   Let XSpace be your host  --  http://www.xspace.com  --  (905)-458-5225
                            XSPACE COMMUNICATIONS

View raw message