In general, you don't have to have suEXEC to run setuid programs. If you can set the permission bits on CGI scripts on your shared web server, you can turn on the setuid bit for those few CGI scripts you need to have setuid.

I don't use suEXEC, mainly because it makes *all* the CGI scripts setuid. I have a web-based system I wrote in 30,000 lines of Perl. Of those about 4,000 lines of code run setuid. I restrict setuid status to *only* those scripts that actually have to write data on the system or access restricted data. It greatly reduces the vulnerability to the system and I have a much smaller pool of code that I have to scrutinize for the usual dangers of setuid status and privilege escalation. If I ran this system under suEXEC, then I'd be worried sick about those 30,000 lines of code. This way I'm still worried, but not sick about it. ;-)

suEXEC also does nothing to actually protect the system from a poorly written script. It just makes sure the location and ownerships are right.

The security hole your web service provider is worried about probably stems from the idea of all of a sudden turning on hundreds of setuid scripts of unknown quality on his system. It would be manageable if you were leasing a single rack-mount machine, but for a shared virtual hosting box, the liabilities are too high.

--
-- Lee E. Brotzman              E-mail: lebat_private
-- Allied Technology Group      Phone : 814-861-5028
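Keeping the setuid pool small, as the message above describes, only works if someone knows which scripts are in it. The following is an added example, not part of the original post: a POSIX shell function (the name `audit_setuid_cgi` and the directory argument are assumptions) that inventories the setuid/setgid files in a CGI tree and flags any that group or others can write to.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_setuid_cgi DIR
#   Prints one line per setuid or setgid regular file under DIR:
#     OK   <ls -ld output>
#     RISK <ls -ld output>   file is also writable by group or others
#   Returns 1 if any RISK line was printed, 0 otherwise.
# A writable setuid script lets whoever can write it run code as the
# file's owner, so those are the first ones to fix.
# Limitation: file names containing newlines are not handled.
audit_setuid_cgi() {
    _dir=$1
    _rc=0
    # -perm -4000 = setuid bit set, -perm -2000 = setgid bit set.
    _list=$(find "$_dir" -type f \( -perm -4000 -o -perm -2000 \) -print | sort)
    while IFS= read -r _f; do
        [ -n "$_f" ] || continue
        # Re-test just this file for group-write (0020) or other-write (0002).
        _w=$(find "$_f" -prune \( -perm -0020 -o -perm -0002 \) -print)
        if [ -n "$_w" ]; then
            echo "RISK $(ls -ld "$_f")"
            _rc=1
        else
            echo "OK   $(ls -ld "$_f")"
        fi
    done <<EOF
$_list
EOF
    return "$_rc"
}

# Stand-alone use: sh audit.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then
    audit_setuid_cgi "$1"
fi
```

Every line it prints is a script that belongs on the review list; scripts it does not print run with the web server's own identity.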
This archive was generated by hypermail 2b30 : Fri May 24 2002 - 09:01:59 PDT