Some minor security improvements
From: Andreas Krennmair
Date: 2010-07-12 @ 08:57
Hi,
I just read the latest blog posting about mongrel2, and so I had a brief look
at the code and found two things that could be improved (see attached patch).
First, the Unixy_chroot() function only calls chroot() but not explicitly a
chdir(). Since mongrel2 chroots to the current working directory, this is not
an issue as the cwd becomes the new /, but it's IMHO not enough for a general
purpose wrapper function. So, just to be sure that the cwd is really the new /
of the chroot environment, calling chdir("/") would be nice.
Second, Unixy_drop_priv() only drops the real UID and GID, but not the
effective UID and GID. In the attached patch, I modified this function to use
setreuid() and setregid() respectively, plus an additional verification of whether
these calls really did work. To further improve this, one could use setresuid()
and setresgid() respectively to drop not only the real and effective UID/GID but
also the saved UID/GID. Unfortunately, these functions are not standardized at all and
not available on a number of systems (Mac OS X and Solaris come to mind). The
paper "Setuid Demystified"
http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf has more on this
rather complicated issue.
Regards,
Andreas
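Added example, not part of this thread and not mongrel2's code: a chroot wrapper that pins the working directory to the new root, and a privilege drop that sets the real and effective IDs with the POSIX setreuid()/setregid() calls and then verifies the drop, as the message above describes. The function names (chroot_and_chdir, ids_match, drop_priv) and the default target IDs 65534/65534 are my own assumptions. Because setresuid()/setresgid() are not available everywhere, the saved-ID problem is handled here by a portable probe: after dropping, the code tries to regain uid 0 and treats success as a failed drop.

```c
/* Added example (not mongrel2's code): chroot + chdir("/"), and a verified
 * drop of real and effective uid/gid using only POSIX setreuid()/setregid(). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* chroot() alone leaves the cwd wherever it was; that is only harmless when
 * the cwd already is the new root. chdir("/") afterwards makes the wrapper
 * correct for any root directory. Returns 0 on success, -1 with errno set. */
int chroot_and_chdir(const char *root)
{
    if (chroot(root) == -1) return -1;   /* EPERM without privilege, ENOENT, ... */
    if (chdir("/") == -1) return -1;
    return 0;
}

/* Returns 1 when real and effective uid and gid all equal the requested ones. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop to uid/gid and verify. Order matters: supplementary groups and gid are
 * changed first, because once the uid is dropped they can no longer be changed.
 * setreuid(u, u) from root also resets the saved uid on Linux, but since that
 * is not guaranteed on every system, the final probe checks that uid 0 cannot
 * be regained. Returns 0 on verified success, -1 (errno set) otherwise. */
int drop_priv(uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }   /* "dropping" to root is no drop */
    /* Only a privileged process may change supplementary groups. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1) return -1;
    if (setregid(gid, gid) == -1) return -1;
    if (setreuid(uid, uid) == -1) return -1;
    if (!ids_match(uid, gid)) { errno = EPERM; return -1; }
    /* Probe: a lingering saved uid of 0 would let either of these succeed. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    /* Like mongrel2, jail into the cwd, then drop to the uid/gid given on the
     * command line (defaults 65534/65534, the usual "nobody"; an assumption). */
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 65534;
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : 65534;
    if (chroot_and_chdir(".") == -1) { perror("chroot_and_chdir"); return 1; }
    if (drop_priv(uid, gid) == -1) { perror("drop_priv"); return 1; }
    printf("running as uid %u gid %u inside the jail\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root from the directory that should become the jail; unprivileged, chroot() fails with EPERM and the program exits before touching any IDs, which is the intended behaviour for a wrapper that refuses to continue half-dropped.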
Re: [mongrel2] Some minor security improvements
From: Zed A. Shaw
Date: 2010-07-12 @ 17:45
On Mon, Jul 12, 2010 at 10:57:45AM +0200, Andreas Krennmair wrote:
> Hi,
>
> I just read the latest blog posting about mongrel2, and so I had a
> brief look at the code and found two things that could be improved
> (see attached patch).
Ah nice, thank you, I'll apply these today.
And, in about 5 more years we'll have the best function:
setetotalawesomeabsoluteSPAINuid();
It'll actually, you know, finally set the UID. :-)
--
Zed A. Shaw
http://zedshaw.com/