
RE: execute application from webinterface



Hello!

> -----Original Message-----
> From: Jens Gutzeit [mailto:jens@freebsdforum.de]
> Sent: 02 September 2003 18:44
> To: debian-security@lists.debian.org
> Subject: Re: execute application from webinterface
>
>
> On Tuesday 02 September 2003 19:25, Jens Gutzeit wrote:
>
> > > what's wrong with making the program suid-to-some-other-user (not root)
> > > and then just executing it? I realize this doesn't work for ping, which
> > > is suid-to-root anyway.
> >
> > Well, to be honest, I just have forgotten this option.
>
> Damn, I should think first and then hit send, sorry for making so much noise.
>
> Anyway, with making the program setuid, anyone who has access to the
> webserver could execute this program under a fixed userid. So this option
> is a really bad idea if this is a customer's webserver or something similar.
> This means, if you're the only one who has access to the webserver, setuid
> is probably one of the best and easiest options, but if there are webs that
> are administrated by a different person you might end up with security
> problems (think of the setuid program having a bug which allows execution
> of arbitrary code).
>
> I would still suggest to set up a second webserver instance, and if you need
> port 80 use Apache's mod_proxy.

I like the idea of a 2nd Apache and the mod_proxy.
But how do you install a 2nd httpd in Debian? Will I have to build it from
source, or is there a trick with an Apache package?

Cheers, Mario

>
> Jens
>
>