Re: root perms / rewritemap prg / module system()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 24 Jun 2016, at 16:24, Stormy <stormy22@xxxxxxxxx> wrote:
> 
> At 03:53 PM 6/24/2016 +0200, Ben RUBSON wrote:
>> On 2016-06-08 at 14:24, Nick Kew wrote :
>> > On Wed, 2016-06-08 at 08:01 -0400, Eric Covener wrote:
>> >> On Sat, Apr 16, 2016 at 6:00 PM, Ben RUBSON <ben.rubson@xxxxxxxxx> wrote:
>> >>> Then my question is, could it be possible ?
>> >>
>> >> You would need your own daemon launched during an early hook (like
>> >> post_config).  You wouldn't be able to respond [directly] to requests,
>> >> you'd need to reach out over something like a pipe the way rewritemap
>> >> does.
>> >>
>> > A hacked suexec would be a per-request option.  Or using
>> > solaris and mod_privileges might just possibly help with
>> > more fine-grained escalation.
>> 
>> Nick, thank you very much for your answer, and sorry for my late reply.
>> 
>> I red suexec source code, it gave me some ideas :
>> I could write my own setuid-ed program which would :
>> - setuid(<user_id>)
>> - only perform the needed tasks under <user>
>> - exit
>> This program could be then called from any other custom module etc...
> 
> Maybe esoteric, possibly off-topic for this precise thread, but would mod-itk be potentially useful? I looked into it a few years back, it *seemed* to do what was promised, but also carried a fairly major cpu-cycle overhead. I didn't have time to try and refine implementation and never put it into production...

Thank you for your suggestion Paul !
I used to use mpm-itk, but I reverted back to built-in MPMs as I'm not really confident having the main server (the very first one receiving requests) running as root.

Best regards,

Ben


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux