Re: CGI security on a shared web server (fwd)

From: Lee E. Brotzman (leb@gmss.com)
Date: 05/28/02


To: secprog@securityfocus.com
Date: Tue, 28 May 2002 08:50:55 -0400
From: "Lee E. Brotzman" <leb@gmss.com>

On Sun, 26 May 2002 17:34:35 +0200, "Pavel Kankovsky" said:
> What happens when an insecure CGI program is installed?
>
> 1. With suexec, only the account of the idiot who owns the insecure CGI
> program is compromised.
> 2. Without suexec, the account the daemon and all other CGI programs run
> under is compromised.

Not necessarily. If the insecure CGI program was running setuid with the UID
of the "idiot's" account then option 2 will not endanger the daemon any more
than option 1 will.

You don't think that I was advocating running CGI programs setuid *root* were
you? The setuid scripts in my systems run setuid with the uid of an account
specifically set up for that purpose. Usually this is an account with no
login shell or home directory, but sometimes not depending on the circumstances.

Using this approach then...

1. With suexec every CGI program in this account is a potential source of
attack that may possibly write data to the system with the privilege of the
account owner.

2. Without suexec, only those relatively few CGI programs that actually need to
be setuid can be attacked to write data to the system with the privileges of
the account owner. The rest run as nobody. They still need scrutiny but not as
much as a setuid script does.

If suexec had an option for specifying which CGI programs to run setuid, then
I agree that it is a decent wrapper program. Until then, I ain't agonna use it.

This thread is getting off topic. The original poster wanted to know why
suexec was a security threat in the minds of his ISP. I think that's been
answered, it's a threat because every CGI program on that virtual host is run
setuid regardless of whether it needs to be or not. If he has the ability to
set permissions on his CGI programs, then he can set the setuid/setgid bits on
his programs, but needs to be very careful writing them.

-- 
-- Lee E. Brotzman                    E-mail: leb@gmss.com
-- Allied Technology Group            Phone : 814-861-5028
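
An added example, not part of the original post: a short audit that walks a cgi-bin tree and reports which programs actually carry the setuid/setgid bits discussed above, so the few that do can be given the extra scrutiny. The function names `classify` and `audit` and the finding labels are assumptions made for this illustration.

```python
import os
import stat

def classify(mode, uid):
    """Findings for one file, given its st_mode and st_uid."""
    if not stat.S_ISREG(mode):
        return []
    findings = []
    if mode & stat.S_ISUID:
        # A setuid-root CGI program is the case the post explicitly disowns.
        findings.append("setuid-root" if uid == 0 else "setuid")
    # setgid only counts when group-execute is set; without it the bit
    # marks mandatory locking on some systems, not a privilege change.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append("setgid")
    # A privileged program should be modifiable by its owner only.
    if findings and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-others")
    return findings

def audit(cgi_root):
    """Walk cgi_root; return {relative path: (owner uid, findings)} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(cgi_root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow a symlink out of the tree
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                report[os.path.relpath(full, cgi_root)] = (st.st_uid, findings)
    return report

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (uid, findings) in sorted(audit(root).items()):
        print(f"{path}\tuid={uid}\t{','.join(findings)}")
```

Every path it prints is a program that runs with its owner's privileges rather than as nobody; anything not listed runs as the web server's user.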


