On Thu, Oct 07, 2004 at 03:14:23PM -0400, Colin Walters wrote: > On Thu, 2004-10-07 at 15:04 -0400, Alan Cox wrote: > > On Thu, Oct 07, 2004 at 07:58:20PM +0100, Joe Orton wrote: > > > It's not CGI scripts which is the issue, the issue is whether or not an > > > OpenSSL buffer overflow gives you remote root or just the privileges of > > > the "apache" user as it currently does. > > > > That would be a problem yes. You'd end up with apache able to access any > > files in the system. I guess mod_webdav should never have been mod_ > > Definitely agreed there. It should work like ssh+sftp, where ssh execs > a helper program running under the user's uid. Doing things this way, > in a separate process, also allows the SELinux policy to confine them > separately. I don't see how this makes sense with HTTP. The code with the buffer overflows is the HTTP parsing and SSL handling. THat's also the code which you must trust to determine what "user context" a request might be for. joe
