[OpenAFS-devel] setgroups() fails to change pag under linux 2.6
Jeffrey Hutzelman
jhutz@cmu.edu
Thu, 20 Jul 2006 17:41:13 -0400
On Thursday, July 20, 2006 08:54:40 AM -0500 David Thompson
<thomas@cs.wisc.edu> wrote:
> Jeffrey Hutzelman wrote:
>>
>>> 3) Specifically for the web server example, in your proposal, a
>>> malicious web page could fork() itself, exit the parent thead, and
>>> wait around and start collecting other authentications, as the web
>>> server changed the authentication in the pag for other requests. Yuch.
>>
>> Web pages can't call fork() or any other system call; they're just data.
>> Of course, if you have a web server that runs programs provided by
>> untrusted users, then you have a whole world of potential problems.
>
> You are correct, would "untrusted cgi/script" have been better?. We have
> this situation, and our solution is able to provide afs authentication
> for these scripts in a secure manner.
What UID do those scripts run as?
If they all run as the same user, then you haven't gained much.
And if they don't, then something with UID 0 is involved in creating them,
and the one-PAG-per-second rate limit doesn't apply to UID 0.
-- Jeff