OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: George Dinwiddie (gdinwiddiemin.net)
Date: Thu May 23 2002 - 09:13:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I am renting server space on a shared machine which runs my site, and
    others, as virtual domains on a single instance of Apache. CGI programs
    run under the uid 'nobody', as does the server itself. This means that
    if I want to provide write access to a data file, I must allow world
    write access to that file. It also means that if my CGI program
    creates a data file, that file is owned by 'nobody' and I do not have
    full privileges over my own data. Since the box has multiple
    legitimate users, all users of the box have just as much access to
    my data as I do.

    To me, this is a problem. It's both a security problem (protecting
    my data) and an administrative problem (changing permissions on
    files created by the CGI script).

    I've asked the owner of the server to enable the suEXEC feature of
    Apache. The response I've gotten is that this is a security
    vulnerability. Indeed, the Apache docs
    (http://httpd.apache.org/docs/suexec.html) warn that "However, if
    suEXEC is improperly configured, it can cause any number of problems
    and possibly create new holes in your computer's security. If you
    aren't familiar with managing setuid root programs and the security
    issues they present, we highly recommend that you not consider
    using suEXEC." The previous sentence, however, notes that "Used
    properly, this feature can reduce considerably the security risks
    involved with allowing users to develop and run private CGI or SSI
    programs."

    I understand that using suEXEC opens my own account up to any
    security holes introduced by my own CGI scripts. I'm certainly
    willing to accept that responsibility and risk.

    I don't understand what risks there are to the server and
    machine as a whole, such that the server owner should be
    reluctant to enable this feature. Could someone please tell
    me what are the risks and how are these risks controlled in
    typical "good" use of suEXEC?

     - George 

    -- 
 ----------------------------------------------------------------------
  George Dinwiddie                             gdinwiddiealberg30.org
  The gods do not deduct from man's allotted span those hours spent in
  sailing.                                    http://www.Alberg30.org/
 ----------------------------------------------------------------------