Hmmm, actually we're all missing the point here. The original post was not asking how to solve the problem. It was asking I don't understand what risks there are to the server and machine as a whole, such that the server owner should be reluctant to enable this feature. Could someone please tell me what are the risks and how are these risks controlled in typical "good" use of suEXEC? I'm probably not qualified to answer these questions but just as a point for discussion I thought I'd mention a possible risk. There are vulnerabilities (root access vulnerabilities at that) that require access to a command line. If the original poster's account were to be compromised to the point that an attacker could get a command line running with that poster's privileges then perhaps the attacker could parlay that access into root access on the machine. -----Original Message----- From: H D Moore [mailto:sflistat_private] Sent: Monday, May 27, 2002 8:20 PM To: Steffen Dettmer; secprogat_private Subject: Re: CGI security on a shared web server On Saturday 25 May 2002 10:34, Steffen Dettmer wrote: > * Kurt Seifried wrote on Thu, May 23, 2002 at 14:05 -0600: > > One possible solution, assuming you need to write the data but not read > > it until later is to encrypt it, generate a public/private keypair using > > pgp/gnupg, load the public key onto the server with your app, have it > > write the files after encrypting the data. Thus you can retrieve the data > > (ftp, www, whatever) and then decrypt it at your leisure and use it. > > I don't think that this makes things secure. If the web server > runs as nobody, the CGI script must be executable for nobody. The > secret key must be reable for nobody. I think you missed the point here, what Kurt suggested was that you only place the PUBLIC key on the web server and encrypt (not sign) the data you want to store. When you want access to the data, you download the files and decrypt them on your local server/workstation/etc. This doesn't prevent someone from writing bogus data into your file, but it does keep them from reading it. -HD
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 15:30:40 PDT