Date: Thu, 12 Apr 2001 01:39:11 -0700 From: Marcus Reid <marcus@blazingdot.com> To: Robert Watson <rwatson@freebsd.org> Cc: freebsd-isp@freebsd.org Subject: Re: Apache suexec and class capabilities Message-ID: <20010412013911.A45054@blazingdot.com> In-Reply-To: <Pine.NEB.3.96L.1010411030418.84384A-100000@fledge.watson.org>; from rwatson@freebsd.org on Wed, Apr 11, 2001 at 03:06:24AM -0400 References: <Pine.BSF.4.33.0104090842210.53086-100000@titanic.medinet.si> <Pine.NEB.3.96L.1010411030418.84384A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 11, 2001 at 03:06:24AM -0400, Robert Watson wrote: > > On Mon, 9 Apr 2001, Blaz Zupan wrote: > > > > I'd like to subject any CGI run through Apache with suexec to the resource > > > limitations imposed by login.conf. I see that there is a couple of patches > > > to this effect included in the apache13-fp port, but they seem to be aimed > > > at solving a problem with FrontPage extensions (which I'm not going to use.) > > > > > > Is there a patch floating around, or some way of doing this? > > > > Take a look at this one, it works fine for us: > > > > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=13606 > > I notice that this PR has aged quite a bit -- a better approach would > probably be for us to verify it does everything we want, and then attempt > to get it integrated on the Apache side. I've recently spent some time > scouring our tree looking for situations where setusercontext() is not > used, as setusercontext() will be responsible for maintaining additional > process capabilities and MAC labels at login-time. Probably, the > setusercontext() call in this patch should use SETLOGIN_ALL minus any > SETLOGIN flags that need to be explicitly excluded. Perhaps ideally, it > would also set the uid's and so on, although suexec probably also has its > own notions on how to handle that. > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > SUEXEC sets the path to compile-time values, only lets a ''safe'' set of environment variables through, sets the umask if specified compile-time and has its own UID/GID stuff, leaving a whopping LOGIN_SETRESOURCES|LOGIN_SETPRIORITY left for the setusercontext() flags. It seems nice to be able to set the priority (no pun intended) so I put that in there as well. -- Marcus Reid Blazingdot.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010412013911.A45054>