Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by slive: http://wiki.apache.org/httpd/Recipes/Privilege_Separation The comment on the change is: Mention suphp and include a general suid-launcher caveat. ------------------------------------------------------------------------------ These suid launchers allow CGI scripts to be run under different userids depending on the URL of the request. Each imposes different restrictions and has different capabilities. - Even in cases where you would ordinarily use an Apache httpd module like php or mod_perl, the simplest, safest, and most performant way to get privilege separation will often be to instead use php or perl as a CGI script under suexec or cgiwrap. + Even in cases where you would ordinarily use an Apache httpd module like php or mod_perl, the simplest, safest, and most performant way to get privilege separation will often be to instead use php or perl as a CGI script under suexec or cgiwrap. For php in particular, [http://www.suphp.org/ suPHP] provides an suid launcher (like suexec) combined with an Apache httpd module that makes configuration of PHP as a CGI somewhat easier. In cases where the performance hit from using CGI scripts is not acceptable, the best alternative is often to use [http://www.fastcgi.com/ fastcgi] to run long-lived cgi processes outside the httpd process. The most up-to-date fastcgi module for Apache httpd is [http://fastcgi.coremail.cn/ mod_fcgi]. Work is currently underway to incorporate fastcgi management into the Apache HTTP Server distribution for a future version. + + ''Be especially careful when configuring and using suid launchers like suexec, cgiwrap, and suPHP. These scripts allow the less-privileged Apache httpd user to do things beyond its standard permissions level (change userid, in particular). Any flaw in these programs or in your configuration of them can lead to serious security problems. The Apache HTTP Server developers have made every effort to keep suexec simple and secure. They cannot vouch for the security of third-party tools like cgiwrap and suPHP.'' == Using Unix permissions for privilege separation == @@ -42, +44 @@ == MPMs that do privilege separation == - Several different multi-processing modules (MPMs) have been written to address this problem. These include perchild (now defunct), Metux mpm, [http://www.telana.com/peruser.php Peruser MPM], and [http://mpm-itk.sesse.net/ MPM-ITK]. The first three keep a pool of threads or processes available under each userid and dispatches each request to the appropriate thread pool. Essentially, they are a more efficient version of the reverse proxy solution discussed above. None of these modules are apparently production-ready. + Several different multi-processing modules (MPMs) have been written to address this problem. These include perchild (now defunct), Metux mpm, [http://www.telana.com/peruser.php Peruser MPM], and [http://mpm-itk.sesse.net/ MPM-ITK]. The first three keep a pool of threads or processes available under each userid and dispatch each request to the appropriate thread pool. Essentially, they are a more efficient version of the reverse proxy solution discussed above. None of these modules are apparently production-ready. MPM-ITK, on the other hand, processes request headers under root, switches to the target userid, and then kills the httpd process when finished serving the connection. As discussed above, this has serious security and performance implications.
