[EMAIL PROTECTED] wrote:

> Idea: On handling a file, setuid() to owner of file. On closing connection,
> re-engage original uid (nobody, apache, www-data, whatever it is). PHP will
> run under user's UID, other users are safe.
>
> This would be maybe 10 lines of code. It can't be that easy, can it? What am
> I missing?

Unfortunately, it can't be that easy. Two big problems:

1. In order to do the setuid, the server would need to be running as root during the request processing phase. Any bug in Apache request processing would then open an instant root hole.

2. If you setuid in such a way that you can get back to the original root id, then there is no way to prevent your cgi/php script from also getting back to the original root id.

In other words, to do this safely, you need to completely give up the original privileges. Then the process would need to die after serving the request. This would make for an incredibly slow server.

As has been mentioned, the perchild MPM may eventually help you do something similar.

If you have enough resources, you can get a similar effect now by just running separate copies of apache for each user. If they have independent IP addresses, then you just bind each to its own address. If they share the same IP address, then you can run each on its own port, and use a proxy on port 80 to forward requests to the appropriate port.

This configuration has always been possible, but it is more feasible in Apache 2.0, because the threaded MPMs scale quite a bit better, so you should be able to run many copies of Apache without killing the server.

Joshua.
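
The second problem in the reply above, shown as an added example that is not part of the original message and not Apache code: a reversible drop with seteuid() leaves the saved uid at 0, so root can be re-engaged, while setresuid() on all three ids cannot be undone. Assumptions: Linux with glibc (getresuid), uid/gid 65534 as an unprivileged account, and the hypothetical names `root_recoverable` and `demo_drop`; it only demonstrates anything when started as root.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_ID 65534  /* assumption: "nobody"/"nogroup" on many Linux systems */

/* Root is reachable again if any of the three process uids is still 0. */
static int root_recoverable(void) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0) return -1;
    return r == 0 || e == 0 || s == 0;
}

/* Runs the drops in a child and returns a bitmask:
 *   bit 0: root was regained after seteuid()   (temporary drop)
 *   bit 1: root was regained after setresuid() (permanent drop)
 * Returns -1 when not root or the ids are unavailable (nothing to show). */
int demo_drop(void) {
    if (geteuid() != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int mask = 0;
        /* Temporary: saved uid stays 0, so any code in the process can undo it. */
        if (seteuid(DEMO_ID) != 0) _exit(4);
        if (root_recoverable() == 1 && seteuid(0) == 0) mask |= 1;
        /* Permanent: groups first, then real, effective and saved ids leave 0. */
        if (setgroups(0, NULL) != 0 ||
            setresgid(DEMO_ID, DEMO_ID, DEMO_ID) != 0 ||
            setresuid(DEMO_ID, DEMO_ID, DEMO_ID) != 0) _exit(4);
        if (root_recoverable() != 0 || setuid(0) == 0) mask |= 2;
        _exit(mask);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 4) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    int r = demo_drop();
    if (r < 0) { puts("not root (or ids unavailable): skipped"); return 0; }
    printf("after seteuid:   root regained = %d\n", r & 1);
    printf("after setresuid: root regained = %d\n", (r >> 1) & 1);
    return 0;
}
```

Run as root, the expected result is 1 after seteuid() and 0 after setresuid(); once the permanent drop has happened the child cannot serve a request for a different user, which is why the reply says the process would have to die after each request.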
