another question

[Joe Pruett]

> setgid and setuid would affect the apache user as well (meaning an 
> exploit could choose which user to execute code as) and is strongly 
> discouraged by anyone with a clue to security. Using the suexec feature 
> of apache is considered best practice for privilege separation (although 
> that has its caveats as well).
> 
> > i'm using setgid so far to good effect.
> > 
> 
> Then you are possibly vulnerable.

but the faq is telling people to make the entire web server run with the
gid of nagioscmd.  for now i'm just using setgid nagios (not root) for
testing, but i plan to create the dummy group for real use.  by running
the entire web server with that gid, any web page (php, ssi) or cgi has
the potential to submit commands without any authentication.  i guess that
any page could call the setgid binary directly as well and fake the auth
info. i agree that suexec would be good, but that requires very specific
directory layout, or recompliation of suexec.  has the idea of nagios 
having its own authentication system been looked at?  that would allow a 
setgid cgi to only allow submission with proper credentials.




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt