On Thu, Oct 20, 2016 at 5:06 AM, Lukas Erlacher <erlacher@xxxxxxxxx> wrote: > Now, getting back to the statement in the apache docs: Is this a security > violation / vulnerability? What can an attacker do with that socket other > than execute arbitrary programs on the machine using their own permissions > (plus www-data group)? They can already do that by virtue of being able to > place arbitrary cgi scripts in their userdirs. Presumably they could block your CGI scripts, or ask mod_cgid to run scripts outside of those reachable by any URI. Note that mod_cgid already chown's the socket to the configured userid, but not the primary group. This allows the httpd children to write to it. I didn't see any info mod_suexec_custom, but suexec should not be running until long after the socket communication between httpd and cgid is over. What talks to cgid in this case that doesn't have a www-data userid? -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|