Bug#499191: apache2-suexec-custom: Allow execution of programs owned by root
Hi,
On Wednesday 17 September 2008, Alexander Prinsier wrote:
> I'm using apache2 together with fastcgi, suexec and php. To
> configure php I'm using a wrapper script to set PHPRC, which then
> exec's php itself.
>
> I don't want users to set their own PHPRC, so they could modify the
> php.ini for their site. This means users shouldn't be able to write
> to the wrapper script. The problem is that suexec requires the
> wrapper script to be owned by the user it should be executed as,
> which means the user could modify this script.
>
> The same problem occurs when you want to provide some cgi scripts
> for your users in a central location. Suexec requires them to be
> owned by the user it should be executed as. Usually these shared
> cgi scripts are owned by root, or another account which is
> 'trusted'.
>
> So the actual item for the wishlist is to be able to specify a user
> (or more than one) that are considered trusted. Suexec will then
> allow files owned by either the target user, or by a trusted user,
> to be executed.
First of all, have you looked at
suphp
sbox-dtc
cgiwrap/php-cgiwrap
to see if any of them meet your needs? I don't know any of them but
maybe one of them already has the feature you need.
Second, you could use "chattr +i" to prevent users from changing the
wrapper. This is somewhat fragile, though, because backup programs
usually will not restore the immutable flag.
Apart from that, allowing scripts owned by root to be executed as any
user would certainly create (local) security issues. Using a
dedicated user might be possible, though.
But I intend to keep apache2-suexec-custom as close as possible to the
normal suexec and would prefer to not add any more features.
Cheers,
Stefan
Reply to: