Re: CGI security on a shared web server (fwd)
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz) Date: 05/26/02
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz> Date: Sun, 26 May 2002 17:34:35 +0200 (MET DST) To: secprog@securityfocus.com
On Fri, 24 May 2002, Lee E. Brotzman wrote:
> I don't use suEXEC, mainly because it makes *all* the CGI scripts
> setuid. [...]
The living environment of any program invoked by suexec is cleaned up
quite well. Most of the data that is allowed to pass through suexec can
be provided by a remote attacker as well (and the rest, like the server
version, should be irrelevant in most cases).
> suEXEC also does nothing to actually protect the system from a poorly
> written script. It just makes sure the location and ownerships are
> right. The security hole your web service provider is worried about
> probably stems from the idea of all of a sudden turning on hundreds of
> setuid scripts of unknown quality on his system. It would be
> manageable if you were leasing a single rack-mount machine, but for a
> shared virtual hosting box, the liabilities are too high.
What happens when an insecure CGI program is installed?
1. With suexec, only the account of the idiot who owns the insecure CGI
program is compromised.
2. Without suexec, the account the daemon and all other CGI programs run
under is compromised.
Which one is better? It is a choice between two evils but I myself am
going to pick (1) whenever I run a system with multiple users who do not
trust one another (assuming I am going to enable CGIs at all). It is
better to let a user shoot into his/her own head than to let a user
shoot into everyone's stomach.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
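
The environment cleanup described in the message above, sketched as an added example that is not part of the original post and is not suexec's own code. The allowlisted names, the fixed PATH value and the function names are assumptions made for illustration; the sample environment is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Assumed subset of CGI variable names allowed through unchanged. */
static const char *const SAFE_NAMES[] = {
    "CONTENT_LENGTH", "CONTENT_TYPE", "GATEWAY_INTERFACE", "QUERY_STRING",
    "REMOTE_ADDR", "REQUEST_METHOD", "SCRIPT_NAME", "SERVER_SOFTWARE", NULL
};
/* Fixed PATH given to the child instead of the inherited one (assumed value). */
static const char SAFE_PATH[] = "PATH=/usr/local/bin:/usr/bin:/bin";
/* Returns 1 if "NAME=value" may pass: a request header (HTTP_*) or an allowlisted name. */
int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n, i;
    if (eq == NULL || eq == entry) return 0;   /* no '=' or empty name */
    n = (size_t)(eq - entry);
    if (n > 5 && strncmp(entry, "HTTP_", 5) == 0) return 1;
    for (i = 0; SAFE_NAMES[i] != NULL; i++)
        if (strlen(SAFE_NAMES[i]) == n && strncmp(entry, SAFE_NAMES[i], n) == 0)
            return 1;
    return 0;
}

/* Fills out[] (capacity cap) with a NULL-terminated clean environment; returns entries kept or -1. */
int scrub_env(const char *const in[], const char *out[], size_t cap)
{
    size_t i, k = 0;
    if (cap < 2) return -1;
    out[k++] = SAFE_PATH;                      /* never inherit the caller's PATH */
    for (i = 0; in[i] != NULL; i++) {
        if (!env_entry_allowed(in[i])) continue;
        if (k + 1 >= cap) return -1;           /* keep room for the terminator */
        out[k++] = in[i];
    }
    out[k] = NULL;
    return (int)k;
}

int main(void)
{
    /* Constructed sample of what the server process might hold at exec time. */
    const char *in[] = { "LD_PRELOAD=/tmp/x.so", "PATH=/tmp/evil", "IFS=x",
                         "HTTP_USER_AGENT=test", "QUERY_STRING=a=1", NULL };
    const char *out[8];
    int i, n = scrub_env(in, out, 8);
    for (i = 0; i < n; i++) puts(out[i]);
    return 0;
}
```

What survives the scrub is request data a remote client can set anyway plus a few server-supplied values, while loader and shell variables from the server's own environment never reach the CGI program.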