Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1995/12/31 22:53:01 UTC

setuid() again

Anybody home?


Still searching for the Grail on this one.....

I've explored the following suggestions:

* setuid to the user of the CGI script

   This method creates many support headaches.
	. users not understanding how to setuid a script
	. perl not wanting to exec a setuid script
	. ease of creating a wrapper for every user's CGI script

* cgiwrapper

   Disables the ability to have index.cgi
   Some support issues with explaining its use.


This brings me back to the use of seteuid() in the server.

While I agree that it is somewhat scary to be switching uids
in our CGI code, there are benefits to this approach that 
*improve* security as well. Correct me if I'm wrong...
(as if I need to ask)

Most changes can be restricted to can_exec().

We can:
	disallow execution of any CGI by uid 0.
	force the CGI script to be under the owner's home directory
	control the PATH set for any of these scripts
	restrict system resources on OSs with setrlimit

It seems that after all of these conditions have been met,
seteuid() to the owner of the script is relatively safe.

I've got a pretty clear picture of how to do this. I would appreciate
any feedback.
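
The checks listed above, sketched in C as an added example (not code from this post or from the Apache source). The function names, the PATH value and the limits are assumptions, and the uid switch itself is left to the caller.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

enum cgi_verdict { CGI_OK, CGI_ERROR, CGI_ROOT_OWNED, CGI_OUTSIDE_HOME };

/* Policy on already-resolved values, so it can be tested without root.
 * Both paths must be canonical (no symlinks, no "..") before comparison. */
enum cgi_verdict cgi_policy(uid_t owner, const char *home, const char *script)
{
    size_t n = strlen(home);
    if (owner == 0)
        return CGI_ROOT_OWNED;            /* never run a CGI as uid 0 */
    if (n < 2 || strncmp(home, script, n) != 0 || script[n] != '/')
        return CGI_OUTSIDE_HOME;          /* "/home/bob2/x" is not under "/home/bob" */
    return CGI_OK;
}

/* Resolve the script's owner and real location, then apply the policy. */
enum cgi_verdict cgi_check(const char *script, uid_t *owner)
{
    struct stat st;
    struct passwd *pw;
    char rs[PATH_MAX], rh[PATH_MAX];

    if (stat(script, &st) != 0 || !S_ISREG(st.st_mode))
        return CGI_ERROR;
    if ((pw = getpwuid(st.st_uid)) == NULL)
        return CGI_ERROR;
    if (!realpath(script, rs) || !realpath(pw->pw_dir, rh))
        return CGI_ERROR;
    *owner = st.st_uid;
    return cgi_policy(st.st_uid, rh, rs);
}

/* Run in the forked child before the uid switch and exec.
 * The PATH value and the limits are constructed sample values. */
int cgi_confine(void)
{
    struct rlimit cpu = { 10, 10 };       /* CPU seconds */
    struct rlimit core = { 0, 0 };        /* no core dumps */

    if (setenv("PATH", "/bin:/usr/bin", 1) != 0)
        return -1;
    return (setrlimit(RLIMIT_CPU, &cpu) || setrlimit(RLIMIT_CORE, &core)) ? -1 : 0;
}
```

The home-directory comparison requires a '/' right after the prefix, so a sibling directory that merely shares the prefix is rejected.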