https://issues.apache.org/bugzilla/show_bug.cgi?id=46716
Stefan Fritsch <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX --- Comment #5 from Stefan Fritsch <[email protected]> 2011-06-30 19:58:06 UTC --- (In reply to comment #4) > The only one who can set TMPDIR is the one who configures and/or executes > apache process, and that person is able to disrupt security much more than by > setting TMPDIR, which is way NOT to disrupt it. I guess I should have been more verbose. The suexec helper binary (which is setuid root and is responsible for changing the user id) does not read the httpd configuration nor does it have any other trusted channel to httpd where it would get configuration information. It just does what whoever is calling suexec is asking it to do, within the limits that are compiled into suexec. If suexec would allow to set TMPDIR, any user who can call suexec could use it to execute processes as different user with arbitrary values of TMPDIR. At first glance, one could think that this is no problem if suexec is only executable by the runtime group of httpd. But there are many common configurations involving mod_userdir and mod_php or mod_cgi, where any local user can execute arbitrary processes as httpd user. Therefore limiting who can execute the suexec helper does not help in general. So, achieving what you want would require suexec to read a configuration before every request. There are some third-party suexec-type wrappers available which can do this but suexec does not and there is little chance that this will be changed. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
