[4999] in WWW Security List Archive
Re: Security issues in Apache?
daemon@ATHENA.MIT.EDU (Steve Neruda)
Tue Apr 8 14:55:36 1997
Date: Tue, 08 Apr 1997 10:18:59 -0400
From: Steve Neruda <nerudas@nationwide.com>
To: Christopher Petrilli <petrilli@amber.org>
CC: Prentiss Riddle <riddle@is.rice.edu>, Richard Costine <rjc@n2k.com>,
www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Christopher Petrilli wrote:
> If you're running it, I would recommend you run an absolute minimal
> server on port 80, and run the rest on a totally untrusted port, like
> 8080, thereby eliminating the need to even start the server as root. This
> would at least restrict the damage that could be done.
>
Since the server relinquishes root as soon as it's bound to the port, is
this added complexity really necessary? If someone finds a buffer
overflow and gets a shell, then it will be under the uid the server is
*currently* running as, not root.
> Again, this is all principle. The basic theory is that if you can't
> PROVE it's trustable, then it isn't. Don't trust ANYTHING.
>
> Christopher
And the problem is that anything more than a very simple program cannot
be proven by mere mortals. Security is not an absolute thing. It is a
process of weighing risks against gains. The reason large companies
choose to connect with a public network such as the Internet is the
foreseen gain versus the costs and risks involved with having such a
connection.
Even though you can't prove the security of a system, it is important to
use good programming practices and have a security architecture in
mind. My guess is that 80%+ of the rash of security problems we see
right now could be eliminated by removing scanf() and printf() and any
other non-bounds-checking calls from the C programming language.
SteveN
--
Steve Neruda Steve_Neruda@Nationwide.Com
Senior Internet Consultant The Internet Technologies Group
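The sequence the thread argues about, as an added example that is not part of the original message or of any server's code: bind the privileged port while still root, then drop root in the correct order (supplementary groups, gid, uid) and verify that the drop is irrevocable, so that a later bug in request handling runs under the unprivileged uid the message describes. It assumes a POSIX/Linux system; the helper names (`listen_on_port`, `drop_privileges`, `privileges_dropped`, `unprivileged_uid`, `unprivileged_gid`) and the choice of the "nobody" account (falling back to uid/gid 65534) are the example's own assumptions.

```c
/* Added example, not code from the original post. Assumes POSIX/Linux. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a listening TCP socket on 127.0.0.1:port. Ports below 1024 need
 * root, which is why a daemon binds before it drops privileges.
 * Returns the listening fd, or -1 on error (errno set). */
int listen_on_port(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) == -1 ||
        listen(fd, 16) == -1) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Give up root for good. Order matters: supplementary groups first, then
 * gid, then uid, because once the uid is unprivileged the group calls
 * would be refused. Returns 0 on success, -1 on failure (errno set). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) == -1)   /* only root may do this */
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)   /* as root this sets real, effective and saved uid */
        return -1;
    return 0;
}

/* Confirm the drop is real: all ids match the target and, for a non-root
 * target, climbing back to uid 0 now fails. Returns 1 if privileges are
 * verifiably gone, 0 otherwise. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0 && setuid(0) != -1)
        return 0;   /* saved uid was still 0: the drop was not irrevocable */
    return 1;
}

/* Target ids: the "nobody" account when running as root (assumption; falls
 * back to 65534 if it is not in the password file), otherwise the ids we
 * already have, so the sequence can be exercised without root. */
uid_t unprivileged_uid(void)
{
    if (geteuid() != 0)
        return getuid();
    struct passwd *pw = getpwnam("nobody");
    return pw ? pw->pw_uid : (uid_t)65534;
}

gid_t unprivileged_gid(void)
{
    if (geteuid() != 0)
        return getgid();
    struct passwd *pw = getpwnam("nobody");
    return pw ? pw->pw_gid : (gid_t)65534;
}

int main(void)
{
    /* Privileged bind first (80 needs root; try 8080 when unprivileged),
     * then drop root before any client input is ever read. */
    int fd = listen_on_port(geteuid() == 0 ? 80 : 8080);
    if (fd == -1) { perror("listen_on_port"); return 1; }
    uid_t uid = unprivileged_uid();
    gid_t gid = unprivileged_gid();
    if (drop_privileges(uid, gid) == -1) { perror("drop_privileges"); close(fd); return 1; }
    printf("listening on fd %d as uid %d; root regainable: %s\n", fd, (int)geteuid(),
           privileges_dropped(uid, gid) ? "no" : "YES");
    close(fd);
    return 0;
}
```

The check in `privileges_dropped` is the part worth keeping in a real daemon: a `setuid()` that only changes the effective uid leaves the saved uid at 0, and a shell obtained through the buffer overflow the message mentions could then call `setuid(0)` and get root back.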