Freeside installation problem

Ivan Kohler ivan at sisd.com
Thu Mar 26 13:02:25 PST 1998 

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Mar 1998, Patrick Greenwell wrote:

> On Thu, 26 Mar 1998, Ivan Kohler wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > Hello,
> > 
> > Your system needs to support executing the cgi's as the freeside user.
> > 
> > Your system might support (safe) setuid scripts.  At least Solaris and
> > Linux do, and SunOS doesn't.  I'm not sure about others.  If your system
> > doesn't support setuid scripts (by ignoring the setuid bit), Perl should
> > emulate this behavior.  This is a compile time option, and I _think_ you
> > might have to turn it on explicitly.  On my devlopment machine (Debian
> > pre-2.0), the `perl-suid' package is part of the standard installation.
> 
> Hi, I just grabbed the package, and under BSDi 3.1 with setuid/setgid
> emulation in Perl it does not work. I went and recompiled Perl 
> in order to verify this behaviour.
> 
> While understand the basic desire behind UID.pm, I cannot find a
> particularly good reason to do all the UID/GID gyrations. Is there a
> compelling reason not to run an iteration of the server as user freeside
> with appropriate authentication? 

The "UID/GID gyrations" are done to run as an unprivledged user (whatever
your web server is running as: nobody or www-data) most of the time,
switching to the more dangerous freeside user only for specific
tasks.  My feeling is that this minimizes the possibility of security
problems should someone malicious get the ability to even talk to your
freeside machine.

suExec in apache appears to provide similar functionality, though I don't
know if it leaves the ruid as nobody.  It seems safer than running the
server as the freeside user.

I wouldn't reccomend it myself, but yes, I do believe it works to run the
web server as the freeside user. 

- -- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/
"I want to go on a mountain-top / with a radio and good batteries
 play a joyous tune / and free the whole human race from suffering" -Bjork

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNRrCYb7OPBeQJv09AQFSBAP/V+79mvYLpafhPNAla9i4xlGk7d6lK+s/
aKwzcq05SjvRQY7GK2hmjhebpBY0XuTad7jAqS02OcS8q2qiWXuU+SxpWfTsrHHW
z48iHFA330QD1vBd0v0i+AAAtQvXjyYlJN8QnXXmM/4phcPPB+VUzXZF61yxisRp
api2nUpqva8=
=KRpt
-----END PGP SIGNATURE-----

More information about the freeside-users mailing list