Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/06/28 21:40:01 UTC
more security thoughts
I've been thinking more about the silly people who run their server
as root. There are probably a half-dozen attacks that allow you to read
any file on the system as the uid/gid of the webserver itself. I'm not
particularly happy about having to fix these (you have to fstat() after
an open() to make sure you opened what you thought you were going to).
I'd rather just print a big fat warning in the logs and on stderr if
the server is run as root.
Or better yet, just exit(1) if User root, and require rebuilding with
-DSHOOT_MY_FOOT_OFF to get past that point.
We also need to document a "secure" config a bit better... i.e.
<Directory />
AllowOverride None
Options None
order deny,allow
deny from all
</Directory>
<Directory /path/to/documentroot>
AllowOverride ???
Options ??? # with SymLinksIfOwnerMatch, and not FollowSymLinks
order allow,deny
allow from all
</Directory>
<Directory /home/*/public_html>
AllowOverride ???
Options ??? # with SymLinksIfOwnerMatch, and not FollowSymLinks
order allow,deny
allow from all
</Directory>
<Directory /path/to/cgi-bin>
AllowOverride None
Options ExecCGI
order allow,deny
allow from all
</Directory>
Or something like that.
Dean
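The fstat()-after-open() check and the refuse-to-run-as-root guard described in the post above, written out as an added example that is not Apache code: the function names, the status codes and the comparison of the lstat() and fstat() results are this example's own assumptions, and SHOOT_MY_FOOT_OFF is only the flag name Dean proposed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Why safe_open_regular() refused a path; SAFE_OK means the fd is usable. */
enum safe_open_status {
    SAFE_OK = 0, SAFE_ELSTAT, SAFE_ESYMLINK, SAFE_ENOTREG,
    SAFE_EOPEN, SAFE_EFSTAT, SAFE_ERACE
};

/* Open `path` read-only and confirm, via fstat() on the descriptor, that the
 * kernel opened the same regular file lstat() examined just before: lstat()
 * rejects a symlink up front, and the (st_dev, st_ino) comparison catches a
 * path swapped for a link or another file between the two calls, which is
 * the race an over-privileged server would otherwise follow.
 * Returns the fd, or -1 with the reason stored in *status. */
int safe_open_regular(const char *path, enum safe_open_status *status)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) < 0) { *status = SAFE_ELSTAT; return -1; }
    if (S_ISLNK(before.st_mode)) { *status = SAFE_ESYMLINK; return -1; }
    if (!S_ISREG(before.st_mode)) { *status = SAFE_ENOTREG; return -1; }
    fd = open(path, O_RDONLY);
    if (fd < 0) { *status = SAFE_EOPEN; return -1; }
    if (fstat(fd, &after) < 0) { close(fd); *status = SAFE_EFSTAT; return -1; }
    if (after.st_dev != before.st_dev || after.st_ino != before.st_ino
        || !S_ISREG(after.st_mode)) {
        close(fd);                 /* open() landed on a different object */
        *status = SAFE_ERACE;
        return -1;
    }
    *status = SAFE_OK;
    return fd;
}

/* Startup guard for "User root": nonzero means refuse to start, unless the
 * build opted in with -DSHOOT_MY_FOOT_OFF (the flag name is Dean's proposal). */
int refuse_root_user(uid_t configured_uid)
{
#ifdef SHOOT_MY_FOOT_OFF
    (void)configured_uid;
    return 0;
#else
    return configured_uid == 0;
#endif
}
```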
Re: more security thoughts
Posted by Marc Slemko <ma...@worldgate.com>.
On Sat, 28 Jun 1997, Dean Gaudet wrote:
> I've been thinking more about the silly people who run their server
> as root. There are probably a half-dozen attacks that allow you to read
> any file on the system as the uid/gid of the webserver itself. I'm not
> particularly happy about having to fix these (you have to fstat() after
> an open() to make sure you opened what you thought you were going to).
> I'd rather just print a big fat warning in the logs and on stderr if
> the server is run as root.
I'm not sure that all of the possible race conditions can be fixed
period.
I'm not sure if doing what you suggest would help the morons, but it
may be a good idea... do something, ranging from a minimum of whining
to a maximum of just not working if the server is run as root.