Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1995/12/31 22:53:01 UTC
setuid() again
Anybody home?
Still searching for the Grail on this one.....
I've explored the following suggestions:
* setuid to the user of the CGI script
  This method creates many support headaches.
  . users not understanding how to setuid a script
  . perl not wanting to exec a setuid script
  . ease of creating a wrapper for every user's CGI script

* cgiwrapper
  Disables the ability to have index.cgi
  Some support issues with explaining its use.
This brings me back to the use of seteuid() in the server.
While I agree that it is somewhat scary to be switching uids
in our CGI code, there are benefits to this approach that
*improve* security as well. Correct me if I'm wrong...
(as if I need to ask)
Most changes can be restricted to can_exec().
We can:
* disallow execution of any CGI by uid 0.
* force the CGI script to be under the owners home directory
* control the PATH set for any of these scripts
* restrict system resources on OSs with setrlimit
It seems that after all of these conditions have been met,
seteuid() to the owner of the script is relatively safe.
I've got a pretty clear picture of how to do this. I would appreciate
any feedback.
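
The four conditions listed in the message, sketched in C as an added example that is not part of the original post or of the Apache source. The names cgi_check() and cgi_exec_as_owner(), the PATH value and the limits are hypothetical, and the sketch assumes a forked child that drops privileges permanently with setgid()/setuid() instead of calling seteuid() in the server process.

```c
#include <grp.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

enum cgi_verdict { CGI_OK, CGI_ROOT_OWNED, CGI_OUTSIDE_HOME };

/* Policy gate of the kind can_exec() could apply. `path` is expected to be
 * canonical already (e.g. from realpath()), so symlinks cannot escape `home`. */
enum cgi_verdict cgi_check(uid_t owner, const char *home, const char *path)
{
    size_t n = strlen(home);

    if (owner == 0)
        return CGI_ROOT_OWNED;            /* never run a CGI as uid 0 */
    while (n > 1 && home[n - 1] == '/')
        n--;                              /* ignore trailing slashes on home */
    /* Require "<home>/..." exactly: "/home/al" must not match "/home/alice".
     * An empty home or a home of "/" is refused outright. */
    if (n < 2 || strncmp(path, home, n) != 0 || path[n] != '/')
        return CGI_OUTSIDE_HOME;
    if (strstr(path, "/../") != NULL)     /* second line of defence */
        return CGI_OUTSIDE_HOME;
    return CGI_OK;
}

/* Runs in the forked child (started as root) after cgi_check() returned
 * CGI_OK; returns only on failure. PATH and limits are constructed values. */
int cgi_exec_as_owner(uid_t uid, gid_t gid, const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    struct rlimit cpu = { 10, 10 };                  /* CPU seconds */
    struct rlimit mem = { 64UL << 20, 64UL << 20 };  /* address space, bytes */

    if (setrlimit(RLIMIT_CPU, &cpu) != 0 || setrlimit(RLIMIT_AS, &mem) != 0)
        return -1;
    /* Groups first, while the process still has the privilege to change them. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)
        return -1;                        /* the drop must not be reversible */
    execve(path, argv, envp);             /* fixed environment, no inherited PATH */
    return -1;
}
```
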