You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Marc Slemko <ma...@znep.com> on 1997/11/02 20:40:00 UTC
Re: suexec/1346: questionable user promotion (fwd)
The following reply was made to PR suexec/1346; it has been noted by GNATS.
From: Marc Slemko <ma...@znep.com>
To: Apache bugs database <ap...@apache.org>
Cc: Subject: Re: suexec/1346: questionable user promotion (fwd)
Date: Sun, 2 Nov 1997 12:33:45 -0700 (MST)
---------- Forwarded message ----------
Date: Sun, 2 Nov 1997 09:39:08 -0500 (EST)
From: Bram Kivenko -- XSpace Staff <br...@xspace.com>
To: marc@hyperreal.org
Subject: Re: suexec/1346: questionable user promotion
Okay, well, I understand that suexec is controlled depending on where the
file is, but there are two problems:
(a) in util_script.c, it is possible to execute through an exec with
SHELL_PATH instead of SUEXEC_BIN, shell path does not run with the
protection of suexec (obviously.) This allows users to try
'nasty' things under the cloak of the webserver user. It also is
inconsistent, I may have a CGI in one location to save private
data, but then my SSI cannot retrieve this private data.
If the file resides within the web server's domain, then it should
execute it as the owner of the (realpath of the) file. My
personal touch also is that if it is not inside the web server's
domain it should have sticky bits set (ie indicating that changing
ownership isn't a problem anyway.)
The theory is, why would someone else's file be in my directory?
(b) my document root is : "/var/httpd/htdocs", so that my users do not
have to place a tilde (~) in their URL's, I do :
"ln -s ~username/public_html /var/httpd/htdocs/username"
The web server gets confused as it does not realize that the real
location is /home/username/public_html... I believe it now backtracks
realpath's to verify for .htaccess, but I do not believe it backtracks
to find out the true owner of the directory.
I realize I am using the web server differently than expected, but
nonetheless, the user and group id's should be determined through the
realpath of the file, not the sympath of the file.
I know asking for (b) to be supported is treading thin, but (a) is
definitely inappropriate.
Anyway, I hope you see it from my point of view. My real problem is that
if you set suexec then everything should run with suexec.
Thanks,
Bram
On 1 Nov 1997 marc@hyperreal.org wrote:
> Synopsis: questionable user promotion
>
> State-Changed-From-To: open-feedback
> State-Changed-By: marc
> State-Changed-When: Sat Nov 1 13:22:00 PST 1997
> State-Changed-Why:
> I'm not sure I understand what you are trying
> to say.
>
> The user things run as is supposed to be determined by
> where the file is. suexec has two ways of doing things: either it
> runs them as the user if it is a ~userdir request or it
> runs them as the User specified in the VirtualHost if
> it is a VirtualHost. If not, it does nothing.
>
> I'm afraid you will have to explain your problem more. suexec
> has a specific security model for specific reasons; while
> you may want it to work a different way for your needs,
> that doesn't mean anything is wrong with the way it works.
>
__________________________________________________________________________
Bram Kivenko -- XSpace Owner -- System Manager -- mailto:bram@xspace.com
Let XSpace be your host -- http://www.xspace.com -- (905)-458-5225
XSPACE COMMUNICATIONS
__________________________________________________________________________