Bugtraq mailing list archives

Re: Cobalt RaQ 3 security hole?


From: brian () COLLAB NET (Brian Behlendorf)
Date: Fri, 21 Jul 2000 17:05:16 -0700


On Thu, 20 Jul 2000, Joshua Ellis wrote:
> That's the standard RaQ install.  If you do a /usr/sbin/http -V you'll see
> "-D BIG_SECURITY_HOLE".  It's how their mod_perl-based admin modules work.
> If you look in /usr/lib/perl5/site_perl/5.005/Cobalt you'll see they modify
> a lot of files writable only by root, and HUP a lot of processes owned by
> root... Apache has to be running as root for you to do that.

Not really true; one can write a setuid C program that sends a signal to
restart the Apache process, and is small enough to be (close to) provably
secure.  Small setuid binaries for other needs for root would be the way
to go.  One has to be careful to design it so that it can't be used for
other unsafe purposes, but that's far more containable than running Apache
as root.

        Brian
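
One way to write the kind of small setuid helper the reply above describes, as an added example that is not part of the original post or of Cobalt's code. The pidfile path, the choice of SIGHUP and the function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed path; fixed at compile time so the caller cannot choose the target. */
#define PIDFILE "/var/run/httpd.pid"

/* Accept only decimal digits plus an optional trailing newline, naming a
 * PID > 1. Anything else returns -1. */
static long parse_pid(const char *buf) {
    char *end;
    if (buf[0] < '0' || buf[0] > '9') return -1;  /* no sign, no whitespace */
    errno = 0;
    long pid = strtol(buf, &end, 10);
    /* 0 and negatives address process groups, 1 is init: never signal them. */
    if (errno || pid <= 1 || pid > INT_MAX) return -1;
    if (*end == '\n') end++;
    return *end == '\0' ? pid : -1;
}

/* The pidfile must be a regular, root-owned file that only root can write. */
static int pidfile_trusted(const struct stat *st) {
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Takes no arguments and reads no environment: the only action is one HUP. */
int main(void) {
    char buf[32];
    struct stat st;
    int fd = open(PIDFILE, O_RDONLY | O_NOFOLLOW);  /* refuse symlinks */
    if (fd < 0) return 1;
    if (fstat(fd, &st) != 0 || !pidfile_trusted(&st)) { close(fd); return 1; }
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return 1;
    buf[n] = '\0';
    long pid = parse_pid(buf);
    if (pid < 0) return 1;
    return kill((pid_t)pid, SIGHUP) == 0 ? 0 : 1;
}
```

Installed root-owned and setuid, with execute permission limited to the group the admin interface runs as, the helper's only capability is sending SIGHUP to the PID recorded in a pidfile that root alone can write.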

