Bugtraq mailing list archives

Re: Cobalt RaQ 3 security hole?


From: "Edward S. Marshall" <emarshal () LOGIC NET>
Date: Sun, 23 Jul 2000 23:05:50 -0500

On Fri, 21 Jul 2000, Peter W wrote:
> You think having SUID binaries lying around on the filesystem is a better
> idea? Runnable by --you said it-- 'nobody'?[0] Maybe even run by random
> other local users?

That particular trust issue is a solvable problem, especially in this
case.

Imagine a wrapper script for Apache which generates a random cookie and
writes it to a file readable only by root (and then executes Apache with
reduced privilege, perhaps passing in file descriptors for the ports it
needs while doing so, ala INN's "startinnd").

Then imagine a setuid helper application (say, a modified suexec) whose
sole purpose in life is to read that cookie file, receive the cookie via
some form of IPC from Apache, compare the two, and allow execution of one
application within a specific set of permitted programs if the cookie
matches.

(No, this isn't a new idea; I believe the RTR Frontpage extensions do
something like this, if memory serves, although they do it within Apache,
instead of using a wrapper.)

--
Edward S. Marshall <emarshal () logic net>           http://www.nyx.net/~emarshal/
-------------------------------------------------------------------------------
[                  Felix qui potuit rerum cognoscere causas.                  ]

