Re: suid bit on directories

Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Tue, 21 May 2002 08:34:08 -0500 (CDT)


Dax Kelson <dax@gurulabs.com>:
>
> On Mon, 20 May 2002, Jesse Pollard wrote:
>
> > That is NOT wrong. The files belong to the server. Not a user. I've been
> > running a server that way for years.
>
> This is insecure.
>
> A user has a defined security context. If the user can create code that
> is then executed in a different security context (user httpd/nobody), then
> you've got a potential problem. If you have multiple users who can
> create code that executes in the *same* security context, you have a
> recipe for disaster.

correct.

> user1 can write a web app the delete/modifies the web app, or web app
> created files of user2.

Exactly what you get when the owner is hidden. Whose app got executed
that created/destroyed someone elses files? What files were created?

It all runs under the web server account... but the results are owned by
the attacked user so it looks like the user did it. Anything a CGI can
create, a CGI can execute or cause to be executed.

If you want a secured web server, DON'T let users create CGI. and don't
give the CGI the capability to execute other programs either. And this
is where compartmentalization comes into play.

All you know is that maybe the attack was via a web server. But you can't tell.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/