
Bug#499191: apache2-suexec-custom: Allow execution of programs owned by root



Stefan Fritsch wrote:
>> So the actual item for the wishlist is to be able to specify a user
>> (or more than one) that are considered trusted. Suexec will then
>> allow files owned by either the target user, or by a trusted user,
>> to be executed.
> 
> First of all, have you looked at
> 
> suphp
> sbox-dtc
> cgiwrap/php-cgiwrap
> 
> to see if any of them meet your needs? I don't know any of them but 
> maybe one of them already has the feature you need.

Yes, I've looked at them. The problem is that libapache2-mod-fastcgi is
written to be used together with suexec. The calling convention
usually is different for other programs like suphp.

> 
> Second, you could use "chattr +i" to prevent users from changing the 
> wrapper. This is somewhat fragile, though, because backup programs 
> usually will not restore the immutable flag.

I've tried that approach, and it is indeed fragile. Certainly when I
want the cgi script itself to be autogenerated by another script, which
takes into account user preferences etc.

> 
> Apart from that, allowing scripts owned by root to be executed as any 
> user would certainly create (local) security issues. Using a 
> dedicated user might be possible, though.

Why would running a root-owned script as a local user create a security
issue?

> 
> But I intend to keep apache2-suexec-custom as close as possible to the 
> normal suexec and would prefer to not add any more features.

I understand that. The patch is quite trivial though. Are there any
other options besides maintaining my local patch?

It's unfortunate I have to maintain this local patch. I know many people
have the same setup as me, and also have to patch suexec themselves.

Thanks,

Alexander


