Subject: | |
From: | |
Reply To: | |
Date: | Sun, 26 Jan 1997 08:42:03 -0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
In the Unix world, Apache is generally started by root (uid=0) and then
changes its user identity to something less powerful (specified in the
httpd.conf file) via the setuid() function. This is coded as "if current
uid=0 then do setuid". Under MPE, it is impossible (I think) for a
process to have a uid of 0, and so setuid is not attempted. Apache/iX
runs with the user identity of whoever started it.
It would be possible for me to implement this setuid feature in one of three
ways:
1) If current uid=1 (MANAGER.SYS) then do setuid. This is reasonably secure.
The Apache/iX binary must be able to call GETPRIVMODE in order to do the
setuid, and it will only be attempted if it's run by MANAGER.SYS.
2) Do setuid if a new uid is specified in httpd.conf. I feel this is less
secure. This also requires GETPRIVMODE, but if whoever installs Apache/iX
is lax about security for the httpd program, anybody able to run httpd can
execute with the uid of any user on the system.
3) Do nothing, and just leave this functionality broken. Apache/iX runs with
the uid of the job or the uid in the inetd config (well, once I get it working
with inetd).
I feel that 1) is the closest to the original intent of this functionality.
What do you think?
--
Mark Bixby E-mail: [log in to unmask]
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
|
|
|