Posted to users@httpd.apache.org by Alexander Kolesnik <ap...@abisoft.biz> on 2005/05/20 17:27:37 UTC

Re[4]: [users@httpd] suexec improvement suggestion

>> Could you please tell what security implications do you mean? And
>> what's the difference between original suexec's security and the one I
>> suggested?

> I can't say that I'm a real expert here either, but one important
> issue is that you would need to remove an suexec security check:
> suexec runs files only under the userid of their owner. Removing
> this check wouldn't automatically lead to a problem -- you'd still
> need to compromise the httpd user -- but it gets you one step closer.

I don't see problems here if suexec will extend this restriction to
any non-root user (or any non-special user, like bin, etc). If you see
them, please, tell me.

As far as I understand, this improvement will not affect suexec's
simplicity and security.

-- 
Best regards,
 Alexander


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: Re[4]: [users@httpd] suexec improvement suggestion

Posted by Joshua Slive <js...@gmail.com>.
On 5/20/05, Alexander Kolesnik <ap...@abisoft.biz> wrote:
> >> Could you please tell what security implications do you mean? And
> >> what's the difference between original suexec's security and the one I
> >> suggested?
> 
> > I can't say that I'm a real expert here either, but one important
> > issue is that you would need to remove an suexec security check:
> > suexec runs files only under the userid of their owner. Removing
> > this check wouldn't automatically lead to a problem -- you'd still
> > need to compromise the httpd user -- but it gets you one step closer.
> 
> I don't see problems here if suexec will extend this restriction to
> any non-root user (or any non-special user, like bin, etc). If you see
> them, please, tell me.

Let's put it this way: If you compromise the httpd user, you can then
run any httpd/suexec-accessible program under any userid (other than
root).  That is really only a half-step away from root privileges.

(One thing people often fail to consider is that suexec is an ordinary
binary that can be run from the command line, not only from within
httpd.  Many of the security checks are designed to prevent it from
being abused from the command line.)

> As far as I understand, this improvement will not affect suexec's
> simplicity and security.

If you made it a configurable option, it would certainly make suexec
more complex (as would any configuration).  I think it should be
evident that it also removes a major security check.

Joshua.
