
Re: Apache 1.1.1 overflow (fwd)



Although I never ran a PUBLIC web server as root, there are many
tricks, most of them for sites with many virtual hosts, where the
real owner doesn't want some sub site owners to damage others.

One of them is to chroot each to its subdirectory (before calling
his cgi-bins). Another is to set uid (or use set-uid-on-execution
cgi-bins, which works for non-root servers too) to the real owner
of the specific cgi-bin before calling it. There are many
strategies, and most are very easy for anyone who knows UNIX.
The imagination is the border...

-- 
Eli Marmor
***************************************************************
 *   ___ _  __ ___  __    _ |__ _ _    marmor@elmar.co.il      *
  *     | | | \   | | \    |  / |\/     El-Mar Software Ltd.    *
   *    | | | _)  | | _)     /  | \      Tel.: 972-50-237338     *
    *    ___________________________      Fax: 972-9-7484279      *
     *   \_________________________ \      http://www.elmar.co.il  *
      *    _________  __  ____     \ \____  __    _                 *
       *   \_______ \ \_\|  _ \  __ \____ \ \ \  | |                 *
        *          \ \   | | \ \ \_\     \ \ \ \ | |                *
         *          \ \  | | _\ \         ) ) \ \ \_\_             *
          *          \ \ |_| \___)       (_/   \_\  \_\           *
           *          \ \_______________________________         *
            *          \________________________________\       *
             *                                                 *
              *************************************************
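
Added example, not part of the original message: one way to carry out the chroot and set-uid steps described above in C, in the forked child just before the CGI is executed. The helper name `confine_to_owner`, the jail path, the numeric ids and the CGI path are assumptions made for illustration, as is the choice to refuse gid 0.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to `jail` and switch to
 * the CGI owner's uid/gid. Call it in the forked child, just before exec.
 * Returns 0 on success, -1 with errno set on failure. */
int confine_to_owner(const char *jail, uid_t uid, gid_t gid)
{
    /* Refuse arguments that would leave the child with root rights or
     * make the jail depend on the current working directory. */
    if (jail == NULL || jail[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chroot() needs root, so it comes first; chdir("/") afterwards so the
     * working directory is not left pointing outside the new root. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    /* Drop supplementary groups, then gid, then uid. Once the uid is
     * gone the process may no longer change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Constructed usage: jail path, ids and CGI path are sample values. */
int main(void)
{
    char *const argv[] = { "/cgi-bin/form.cgi", NULL };
    char *const envp[] = { "GATEWAY_INTERFACE=CGI/1.1", NULL };

    if (confine_to_owner("/www/vhosts/example", 1001, 1001) != 0)
        return 1;                       /* never exec if the drop failed */
    execve(argv[0], argv, envp);        /* path is relative to the jail */
    return 127;                         /* reached only if execve fails */
}
```

The argument checks run before any system call, so a misconfigured owner entry (uid 0 or a relative jail path) is rejected even when the server itself is running as root.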

