From: "Urivan Saaib" <[EMAIL PROTECTED]>

> Simon,
>
> Btw, what if I automate the whole process? And the httpd.conf is just
> not being edited by the admin but by a binary code (out of the chrooted
> VS)?
>
> What about if you have those perl/C programs away from your host server
> and you're doing remote administration? (i.e. customers do not have
> shell access at all, only web)
>
> Of course, you have access through ssh to the host server to do maintenance.
>
> The problem is not httpd being executed by root, but who might have access
> to important configuration files.
>
> Regards,
>
> P.S.: btw, has anyone implemented anything else around VSD besides
>       installing software in the vs?


One option I considered was to only allow Apache configuration through e.g.
a web-based GUI. This allows you to limit which directives can be changed
(e.g. you can stop users from changing the IP/Port their server runs on,
which is another security problem), and you can write checks for legal
values for each directive. So there you could implement the log file
ownership tests you suggested. This would let you run Apache as root and
lock it down somewhat. But creating and maintaining such an interface could
be quite a mammoth task...

My preference would be to move to Linux 2.4 and use process capabilities to
give the admin user permission to bind port 80. This solves a whole pile of
problems - although then you have to worry about 2.4's stability...
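
Added example, not part of the original message: a sketch of the check such a configuration front end could run before writing a customer's directives into httpd.conf, combining a directive allowlist, per-directive value checks, and a log-file test. The allowlist contents, the function names, and the exact log-file rule (path must resolve inside the virtual server and be a regular file owned by the expected uid) are assumptions for illustration.

```python
import os
import re
import stat

# Assumed policy (hypothetical): the only directives a customer may set, each
# with a value pattern. Anything not listed (e.g. address/port) is refused.
ALLOWED = {
    "ServerAdmin": re.compile(r"[\w.+-]+@[\w.-]+"),
    "DirectoryIndex": re.compile(r"[\w.-]+( [\w.-]+)*"),
    "ErrorLog": re.compile(r"/[\w./-]+"),          # no piped logs ("|cmd")
    "CustomLog": re.compile(r"/[\w./-]+ \w+"),     # path plus format nickname
}
LOG_DIRECTIVES = {"ErrorLog", "CustomLog"}

def check_log_path(path, vs_root, owner_uid):
    """Return a reason string if root must not open this log path, else None."""
    root = os.path.realpath(vs_root)
    target = os.path.join(root, path.lstrip("/"))
    # Resolve symlinks in every component; the result must stay inside the VS.
    if os.path.commonpath([root, os.path.realpath(target)]) != root:
        return "resolves outside the virtual server"
    try:
        st = os.lstat(target)                      # lstat: do not follow a final symlink
    except FileNotFoundError:
        return None                                # file will be created on first open
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != owner_uid:
        return "not owned by the expected uid"
    return None

def validate(fragment, vs_root, owner_uid):
    """Return a list of (line_no, message) for every rejected line."""
    errors = []
    for no, raw in enumerate(fragment.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        rule = ALLOWED.get(name)                   # exact-case match: fails closed
        if rule is None:
            errors.append((no, f"{name}: directive not allowed"))
        elif not rule.fullmatch(value.strip()):
            errors.append((no, f"{name}: illegal value"))
        elif name in LOG_DIRECTIVES:
            reason = check_log_path(value.split()[0], vs_root, owner_uid)
            if reason:
                errors.append((no, f"{name}: {reason}"))
    return errors
```

The path test only holds if the customer cannot modify the log directory between this check and the moment the root-owned Apache parent opens the file, so the log directory itself should not be writable from inside the virtual server.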
