[EMAIL PROTECTED] wrote:
>
> [In order for any reply to be added to the PR database, ]
> [you need to include <[EMAIL PROTECTED]> in the Cc line ]
> [and leave the subject line UNCHANGED. This is not done]
> [automatically because of the potential for mail loops. ]
>
> Synopsis: Potential group security hole with suexec
>
> State-Changed-From-To: open-closed
> State-Changed-By: brian
> State-Changed-When: Tue May 19 21:48:27 PDT 1998
> State-Changed-Why:
> yeah, better never than late, eh? :)
>
> To be honest I don't see the security hole present here.
> The whole point of suexec is to put the same protections
> around the CGI that Unix puts around its users. A poorly
> written and exploitable CGI, under suexec, can do as much
> damage to the OS as the user whose userid it runs under can
> also do. This is not a chroot jail and doesn't try to be.
>
> If we were to implement a warning or check, chances are the
> volume of bug reports we'd get about it would overwhelm us,
> as everyone testing "suexec" for the first time will be someone
> who has wheel group membership (etc.) since they had to become
> root to install suexec.
>
> Thanks for the note, though, it was good food for thought.

Brian,

I understand and agree. I think it would be worth pointing out, however, that the "Group" directive specified in the config file is, as is generally the case but easily forgotten, a specification of the primary group, and not necessarily all the groups to which a user may belong. I'd rather have seen it in the documentation and kick myself for not paying attention than see it in a CERT advisory.

Thanks for the note.

Patrick
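
An added example, not part of the original thread or of Apache's code: a shell check for the point raised above, that an account used for suexec CGIs may belong to more groups than the one named in the config. The function names, the list of sensitive groups and the passwd/group data are constructed for illustration, and it assumes the CGI process holds all of the user's groups, as the thread describes.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
patrick:x:1001:100:Patrick:/home/patrick:/bin/sh
webcgi:x:1002:200:CGI owner:/home/webcgi:/bin/sh'
SAMPLE_GROUP='wheel:x:10:root,patrick
users:x:100:
cgi:x:200:
staff:x:50:patrick,webcgi'

# Print all group names for a user: primary group first, then every
# group whose member list names the user.  $1=user $2=passwd $3=group
groups_for_user() {
    pgid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4; exit }')
    if [ -z "$pgid" ]; then return 1; fi   # unknown user
    printf '%s\n' "$3" | awk -F: -v u="$1" -v g="$pgid" '
        $3 == g { primary = $1 }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u && $3 != g) supp = supp " " $1
        }
        END { if (primary == "") primary = g; printf "%s%s\n", primary, supp }'
}

# Print the sensitive groups a user holds other than the configured group.
# $1=user $2=configured group $3=sensitive groups (space separated)
# $4=passwd text $5=group text
extra_sensitive_groups() {
    all=$(groups_for_user "$1" "$4" "$5") || return 1
    out=""
    for grp in $all; do
        if [ "$grp" = "$2" ]; then continue; fi
        for s in $3; do
            if [ "$grp" = "$s" ]; then out="${out:+$out }$grp"; fi
        done
    done
    printf '%s\n' "$out"
}

# Example run on the constructed data: patrick's CGIs are configured
# with group "users", but the account is also a member of wheel.
extra_sensitive_groups patrick users "wheel operator" "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

On a live host, `id -Gn <user>` prints the same full group list for an account.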
