RE: CGI security on a shared web server

From: Beatie, Breck (ISSMountain View) (BBeatieat_private)
Date: Tue May 28 2002 - 13:52:59 PDT

Next message: George Dinwiddie: "Re: CGI security on a shared web server (fwd)"

Previous message: Antonomasia: "Re: CGI security on a shared web server"
Maybe in reply to: George Dinwiddie: "CGI security on a shared web server"
Next in thread: Jeff Dafoe: "RE: CGI security on a shared web server"
Reply: Jeff Dafoe: "RE: CGI security on a shared web server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hmmm, actually we're all missing the point here.  The original post
was not asking how to solve the problem.  It was asking 
	I don't understand what risks there are to the server and 
	machine as a whole, such that the server owner should be
	reluctant to enable this feature.  Could someone please tell
	me what are the risks and how are these risks controlled in
	typical "good" use of suEXEC?

I'm probably not qualified to answer these questions but just as a point
for discussion I thought I'd mention a possible risk.

There are vulnerabilities (root access vulnerabilities at that) that
require access to a command line.  If the original poster's account
were to be compromised to the point that an attacker could get a command
line running with that poster's privileges then perhaps the attacker
could parlay that access into root access on the machine. 

-----Original Message-----
From: H D Moore [mailto:sflistat_private]
Sent: Monday, May 27, 2002 8:20 PM
To: Steffen Dettmer; secprogat_private
Subject: Re: CGI security on a shared web server

On Saturday 25 May 2002 10:34, Steffen Dettmer wrote:
> * Kurt Seifried wrote on Thu, May 23, 2002 at 14:05 -0600:
> > One possible solution, assuming you need to write the data but not read
> > it until later is to encrypt it, generate a public/private keypair using
> > pgp/gnupg, load the public key onto the server with your app, have it
> > write the files after encrypting the data. Thus you can retrieve the
data
> > (ftp, www, whatever) and then decrypt it at your leisure and use it.
>
> I don't think that this makes things secure. If the web server
> runs as nobody, the CGI script must be executable for nobody. The
> secret key must be reable for nobody. 

I think you missed the point here, what Kurt suggested was that you only
place 
the PUBLIC key on the web server and encrypt (not sign) the data you want to

store. When you want access to the data, you download the files and decrypt 
them on your local server/workstation/etc. This doesn't prevent someone from

writing bogus data into your file, but it does keep them from reading it.

-HD

Next message: George Dinwiddie: "Re: CGI security on a shared web server (fwd)"
Previous message: Antonomasia: "Re: CGI security on a shared web server"
Maybe in reply to: George Dinwiddie: "CGI security on a shared web server"
Next in thread: Jeff Dafoe: "RE: CGI security on a shared web server"
Reply: Jeff Dafoe: "RE: CGI security on a shared web server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 28 2002 - 15:30:40 PDT