Sudo starts a new process under another user. Currently it isn't
possible to switch the user of the running process. This patch allows
switching the user of the running process and also allows switching back to
the original user. Only specific users may switch to other specific
users (the same as sudo).

Apache is run under user 'www-data', which has no privileges except to
switch to any user in the 'www-data' group. As long as no arbitrary code
is run within the apache process, all should be safe. CGIs are run as
new processes, so they can't switch back to 'www-data'.

Again, I'm not the developer of this patch. So I might need to correct
myself later if I've got any details wrong.

Please don't hesitate to show any holes in this approach if you see any.

Alain Williams wrote:
> On Wed, Jan 17, 2007 at 01:38:57PM +0100, Arnold Daniels wrote:
>> Hi again,
>>
>> Yes we can share it with the world, but first it should be reviewed by
>> others to see if we haven't missed anything which makes the system less
>> secure instead of more. Also the source code is currently really dirty
>> and specific to our situation (too little to config, mod_diffpriv also
>> does mass virtual hosting, etc.).
>>
>> Please send me an e-mail, if you would like to review it and I'll send
>> you the source code. Again, please note that you need to patch your
>> kernel for it, so you need to do it on some test server or a virtual
>> machine.
>
> The kernel patch is the interesting thing ... for this to fly the kernel
> developers will need to be convinced. What does the kernel patch do?