another question

Andreas Ericsson ae at op5.se
Tue Jan 4 13:12:27 CET 2005


Joe Pruett wrote:
> why isn't setuid/gid discussed as an option to make cmd.cgi be able to 
> write to nagios.cmd?  this seems like a better option to the problem.  i 
> guess that if there are bugs in cmd.cgi it could be exploited, but i'd 
> rather limit those bugs to the nagios user than the apache user.
> 

setgid and setuid would affect the apache user as well (meaning an 
exploit could choose which user to execute code as) and is strongly 
discouraged by anyone with a clue to security. Using the suexec feature 
of apache is considered best practice for privilege separation (although 
that has its caveats as well).

> i'm using setgid so far to good effect.
> 

Then you are possibly vulnerable.


-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer
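
An added example, not part of the original message or of Nagios: a small audit for the setup discussed in this thread, reporting any file in a CGI directory that carries the setuid or setgid bit or is world-writable. The function names and the temporary directory standing in for the CGI directory are assumptions.

```python
import os
import stat
import tempfile

def mode_findings(name, mode):
    """Findings for one directory entry, given its st_mode."""
    if not stat.S_ISREG(mode):
        return []  # symlinks and directories are out of scope here
    findings = []
    if mode & stat.S_ISUID:
        findings.append(f"{name}: setuid bit set")
    if mode & stat.S_ISGID:
        findings.append(f"{name}: setgid bit set")
    if mode & stat.S_IWOTH:
        findings.append(f"{name}: world-writable")
    return findings

def audit_cgi_dir(cgi_dir):
    """Check every entry in a CGI directory without following symlinks."""
    findings = []
    for entry in sorted(os.scandir(cgi_dir), key=lambda e: e.name):
        mode = entry.stat(follow_symlinks=False).st_mode
        findings.extend(mode_findings(entry.name, mode))
    return findings

if __name__ == "__main__":
    # Constructed sample: a temporary directory standing in for the CGI dir.
    with tempfile.TemporaryDirectory() as d:
        for name, perms in (("cmd.cgi", 0o2755), ("status.cgi", 0o755)):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, perms)  # setgid may be dropped if not in the group
        print("\n".join(audit_cgi_dir(d)) or "no findings")
```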

