Bug#499191: apache2-suexec-custom: Allow execution of programs owned by root
Stefan Fritsch wrote:
>> So the actual item for the wishlist is to be able to specify a user
>> (or more than one) that are considered trusted. Suexec will then
>> allow files owned by either the target user, or by a trusted user,
>> to be executed.
>
> First of all, have you looked at
>
> suphp
> sbox-dtc
> cgiwrap/php-cgiwrap
>
> to see if any of them meet your needs? I don't know any of them but
> maybe one of them already has the feature you need.
Yes, I've looked at them. The problem is that libapache2-mod-fastcgi is
written in mind to be used together with suexec. The calling convention
usually is different for other programs like suphp.
>
> Second, you could use "chattr +i" to prevent users from changing the
> wrapper. This is somewhat fragile, though, because backup programs
> usually will not restore the immutable flag.
I've tried that approach, and it is indeed fragile. Certainly when I
want the cgi script itself to be autogenerated by another script, which
takes into account user preferences etc.
>
> Apart from that, allowing scripts owned by root to be executed as any
> user would certainly create (local) security issues. Using a
> dedicated user might be possible, though.
Why would running a root-owned script as a local user create a security
issue?
>
> But I intend to keep apache2-suexec-custom as close as possible to the
> normal suexec and would prefer to not add any more features.
I understand that. The patch is quite trivial though. Are there any
other options besides maintaining my local patch?
It's unfortunate I have to maintain this local patch. I know many people
have the same setup as me, and also have to patch suexec themselves.
Thanks,
Alexander
Reply to: