Re: suexec/237: Inappropriate bypass of suexec / Inappropriate usage of suexec

[Marc Slemko <ma...@znep.com>]

The following reply was made to PR suexec/237; it has been noted by GNATS.

From: Marc Slemko <ma...@znep.com>
To: Bram Kivenko <br...@xspace.com>
Subject: Re: suexec/237: Inappropriate bypass of suexec / Inappropriate usage of suexec
Date: Sun, 6 Apr 1997 17:53:40 -0600 (MDT)

 
 > (a) Bypass:
 >      I believe, that it is possible to bypass suexec with the use of an "nph-*"
 >      CGI.  This gives server permission state to the CGI, could be root, or
 >      possibly allow a user to erase the web server!
 
 Regardless of if you use suexec, you should not set the User directive to
 root or to anyone who can modify any of the config files, server binaries
 or logs.
 
 In any case, I have no problem using nph- CGI's with suexec.  Are you
 perhaps calling it from somewhere other than a virtual host with a User
 directive or a user directory?
 
 > 
 > (b) Usage:
 >      I have since replaced the suexec utility, finding it rather dangerous,
 >      however, what prevents someone running the suexec command from a shell
 >      possibly to take advantage of extra executables in public_html directory?
 
 There is an assumption made that any executables placed in what suexec
 things to be "web space" are really executable.  This will be documented
 better and we are thinking of better ways to verify that the process is
 reall the server, but suexec is designed around the idea that even if
 someone with evil intent calls it things are still safe provided that
 users don't put silly executables in what suexec thinks is web space.