[23015] in bugtraq
Re: Apache suexec
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Fri Oct 26 18:42:28 2001
Date: Fri, 26 Oct 2001 13:33:16 +0200 (MET DST)
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
To: Stefanos Harhalakis <v13@it.teithe.gr>
Cc: bugtraq@securityfocus.com
In-Reply-To: <200110232141.AAA03585@ppp0.the.forthnet.gr>
Message-ID: <20011026132909.5A4A.0@argo.troja.mff.cuni.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 24 Oct 2001, Stefanos Harhalakis wrote:
> Suppose we have mingid==100 and a user with gid==0 which belongs to groups
> 123,234,345. Suexec will no execute and script for this user.
>
> Now suppose we have the same user with gid==123 which belongs to groups0
> ,234,345. Suexec will execute any cgi without problem. The running cgi will
> be a member of all those groups.
suexec does not check supplementary groups. It could do it but I do not
think it is a serious problem--the motivation behind the checks is to
avoid accidental invocation of CGI programs running under root or other
special accounts.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
