Bugtraq mailing list archives

Apache suexec


From: Stefanos Harhalakis <v13 () it teithe gr>
Date: Wed, 24 Oct 2001 00:41:05 +0300


 I've noticed something weird when using Apache and the suexec wrapper. 
Suexec is supposed not to change uid/gid to anything less than 
minuid/mingid. This is not so true.

 Suppose we have mingid==100 and a user with gid==0 which belongs to groups 
123,234,345. Suexec will not execute any script for this user.

 Now suppose we have the same user with gid==123 which belongs to groups 
0,234,345. Suexec will execute any cgi without problem. The running cgi will 
be a member of all those groups.

 This can be tested by simply running a shell script which calls id.

 I've found http://bugs.apache.org/index.cgi/full/1001 dated 
Sat Aug 16 13:39:01 1997. This has been known for a long time but nothing has 
been done. At least there should be a note in the docs. I don't think that there 
exists a case where having gid<mingid is insecure, but being a member of a 
group with gid<mingid is secure.

<<V13>>
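Added example, not part of the original post and not code from Apache's suexec: the primary-gid-only comparison the post describes, next to a stricter check that also walks the supplementary groups. All function names and the sample values (taken from the post's mingid==100 scenario) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data mirroring the post: mingid 100, and the second
 * user (primary gid 123, supplementary groups 0, 234, 345). */
static const gid_t SAMPLE_MIN_GID = 100;
static const gid_t SAMPLE_GROUPS[] = {0, 234, 345};

/* The behaviour the post describes: only the primary gid is compared. */
int primary_gid_ok(gid_t primary, gid_t min_gid) {
    return primary >= min_gid;
}

/* Stricter policy: reject if the primary gid or any supplementary gid is
 * below min_gid. On rejection the offending gid is stored in *bad. */
int all_gids_ok(gid_t primary, const gid_t *groups, int n, gid_t min_gid, gid_t *bad) {
    if (primary < min_gid) { if (bad) *bad = primary; return 0; }
    for (int i = 0; i < n; i++)
        if (groups[i] < min_gid) { if (bad) *bad = groups[i]; return 0; }
    return 1;
}

/* Apply the stricter policy to the calling process, e.g. from a test CGI.
 * Returns 1 if acceptable, 0 if not, -1 on error. */
int audit_current_process(gid_t min_gid, gid_t *bad) {
    int n = getgroups(0, NULL);              /* ask for the count first */
    if (n < 0) return -1;
    gid_t *groups = calloc(n ? (size_t)n : 1, sizeof *groups);
    if (!groups) return -1;
    n = getgroups(n, groups);
    int ok = (n < 0) ? -1 : all_gids_ok(getgid(), groups, n, min_gid, bad);
    free(groups);
    return ok;
}

int main(void) {
    gid_t bad = 0;
    printf("primary-only check passes: %d\n", primary_gid_ok(123, SAMPLE_MIN_GID));
    if (!all_gids_ok(123, SAMPLE_GROUPS, 3, SAMPLE_MIN_GID, &bad))
        printf("all-groups check rejects: gid %lu < %lu\n",
               (unsigned long)bad, (unsigned long)SAMPLE_MIN_GID);
    printf("this process: %d\n", audit_current_process(SAMPLE_MIN_GID, &bad));
    return 0;
}
```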

