On Tue, May 28, 2002 at 08:50:55AM -0400, Lee E. Brotzman wrote:
> > 1. With suexec, only the account of the idiot who owns the insecure CGI
> > program is compromised.
> > 2. Without suexec, the account the daemon and all other CGI programs run
> > under is compromised.
>
> Not necessarily. If the insecure CGI program was running setuid with the UID
> of the "idiot's" account then option 2 will not endanger the daemon any more
> than option 1 will.

Actually, it will. It will have the privileges of the user it's set setuid to, and also of the webserver's user: setuid(getuid()).

Also, note that using suEXEC is not the same as a setuid script. The environment is sanitized, only setuid(2) to certain uids/gids are allowed, and you can't get back the lost privileges.

> If suexec had an option for specifying which CGI programs to run setuid, then
> I agree that it is a decent wrapper program. Until then, I ain't agonna use it.

I don't think it has. But nobody is stopping you from changing the source to your needs. :)

Regards
-- 
Luciano Rocha, strangeat_private
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 16:38:24 PDT
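The distinction drawn in the reply above, as an added example that is not part of the original message and is not suEXEC's source: a setuid-bit CGI keeps the web server's UID as its real UID, while a wrapper-style drop leaves no UID to switch back to. The function names and the UIDs 48 and 1001 are constructed for illustration, and `can_switch_to` simplifies "privileged" to an effective UID of 0.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX rule for setuid(target)/seteuid(target) in an unprivileged process:
 * allowed only if target is the real UID or the saved set-user-ID. */
int can_switch_to(uid_t ruid, uid_t euid, uid_t suid, uid_t target)
{
    if (euid == 0)
        return 1;                 /* root may become any user */
    return target == ruid || target == suid;
}

/* Wrapper-style permanent drop: supplementary groups, then GID, then UID.
 * Returns 0 on success, -1 if a step fails or the old IDs can be regained.
 * Without root, setuid() changes only the effective UID, so the regain
 * checks below are what catch an incomplete drop. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (uid != old_euid && (setuid(old_euid) == 0 || seteuid(old_euid) == 0))
        return -1;                /* old UID was still reachable */
    if (gid != old_egid && (setgid(old_egid) == 0 || setegid(old_egid) == 0))
        return -1;                /* old GID was still reachable */
    return 0;
}

int main(void)
{
    uid_t www = 48, user = 1001;  /* constructed UIDs */
    printf("setuid-bit CGI can become the web server user: %d\n",
           can_switch_to(www, user, user, www));
    printf("after a wrapper-style drop: %d\n",
           can_switch_to(user, user, user, www));
    return drop_privileges(getuid(), getgid()) == 0 ? 0 : 1;
}
```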