Source: apache2-suexec-custom Severity: wishlist
Hi. To my mind, suexec in general is somewhat security flawed, as it allows to su to any UID/GID above the minium value for those (currently 100 in Debian). This is required when using it with the userdir feature, as a site may have many users with there own scripts... But for many setups, you want to do just some prviliege separation, e.g. that your forum runs as user myforum and your CalDAV server runs as mycalendar. An even in the userdir example,.. you perhaps want to restric suexec itself to only some trustworthy users. Now we already have a custom version of suexec. I propose to add further changes: - the 3rd line should be allowed to give a list of UIDs, separated by "," - the 4th line should be allowed to give a list of GIDs, separated by "," If set,.. suexec will only switch to the respective UIDs/GIDs. UIDs/GIDs below AP_UID_MIN/AP_GID_MIN shall still be ignored. If unset,.. the usual AP_UID_MIN/AP_GID_MIN restriction applies. A comfortable version could allow seting user/group names, that are then resolved. Care must be taken that AFTER resolving,.. and UIDs/GIDs below AP_UID_MIN/AP_GID_MIN are ignored. I'd also suggest to take the opportunity and improve the configuration file schema. Setting the options based on their line numer is just to error prone. Something like this would be better IMHO: document_root = foobar userdir_suffix = foobar allowed_users = 2000,2050,mycalendar allowed_groups = 3000,4040,mycalendarGroup Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
