Bug#499191: Possible security issues

To: 499191@bugs.debian.org
Subject: Bug#499191: Possible security issues
From: Alexander Prinsier <aphexer@mailhaven.com>
Date: Sat, 24 Jan 2009 11:58:17 +0100
Message-id: <[🔎] 497AF449.1070600@mailhaven.com>
Reply-to: Alexander Prinsier <aphexer@mailhaven.com>, 499191@bugs.debian.org

> Not so. But this would mean that in many setups, any user would be
> allowed to execute any root-owned program under the document root
> that has mode +x as any _other_ user (above uid 100). This is
> something that no admin would expect. The restriction that suexec can
> only be executed by apache can often be circumvented. E.g. if user
> are allowed to create php scripts in ~/public_html.

If a user is allowed to create a php script that will be executed as
www-data, he can just go read everyone else's data (like a config.php
which includes passwords to databases etc), because everyone else's data
must be readable by www-data to get served by apache in this setup.

Because of that, I don't think there are many setups allowing script
execution as www-data, but yes, in such a case there is a side-effect
with my suggestion, that most admins would not suspect.

But I'm targeting another audience here :) One where www-data is a
privileged user (has read access to everyone's data), and script
execution is only allowed as the user itself using suexec.

To circumvent the issue totally, I could modify it so that if the cmd is
inside the docroot, then the owner of the cmd must be the target user.
If the cmd is inside a cgi-docroot, then the owner must be root. (It's
up to the admin to make these docroot's non overlapping :)).

Alexander

Reply to:

Prev by Date: Bug#512778: Info on file permissions on ssl certificates
Next by Date: Bug#512778: Info on file permissions on ssl certificates
Previous by thread: Bug#512778: Info on file permissions on ssl certificates
Next by thread: Re:Get Back Urgently.
Index(es):
- Date
- Thread