Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/01/05 20:36:15 UTC

Re: doc patches for symlinked logfile warnings

Just a few comments on this bloody mess...

> Jim Jagielski wrote:
> 
> My point is that Apache already allows for cgi-scripts to be run. In
> doing so, we "allow" for wrappers if the webmaster so desires but
> we also "allow" for them to be totally braindead as well. To me,
> this seems all that Apache should really be worrying about. Once we
> start focusing on also providing "secure" ways of doing scripts, we
> are biting off more than required by a server. It also opens us up
to nasty CERT notices, which can't be good. Right now, if someone
> uses the wrapper 'wideopen' with Apache, and 'wideopen' has a nasty
> bug, it's the wrapper that gets the ticket, not Apache.

There are problems and limitations to using a wrapper such as cgiwrap
with Apache. This is no fault of cgiwrap. I'm sure that there is
more that a wrapper like cgiwrap could do if given a decent execution
API path out of Apache.

> I think the only thing Apache really should be worried about _is_
> the API. One good reason of course is that it _does_ shift the
> blame, but another is that it allows for 3rd parties who might
> be much more up-to-speed to fill the gap.

I disagree. The current suexec "API" has developed as an answer to
a problem that I and others have wanted to address. I must admit that
I know *I* did not come at this from the philosophy of an "API". I
know that *I* have learned quite a bit from this first cut and see
the shortcomings of the current approach. It beats the hell out of
most of the solutions that we have seen over the past year that 
require the server to be running as root.

Having said that, I think that it is also important to provide a
working example. A *paranoid* working example that will:

1. Encourage others to try to improve it.
2. Keep the Apache group out of CERT's top 10 list.

I'm happy to see some new people show an interest in this. I
feel strongly that this is an important feature for the server.

> Think of the wrapper as a module almost... we provide the API for
> modules, but we don't write modules for every situation. If we want
> to include a wrapper as unsupported, well, but like it or not,
> suexec is seen as the "official" way to wrap cgi-scripts. I think
> our responsibility should be to focus on an API primarily.

Official, but safe.