A Demonstration of suEXEC
So far, for the sake of simplicity, we have been running everything as root, to which all things are possible. To demonstrate suEXEC, we need to create a humble but ill-intentioned user, Peter, who will write and run a script called badcgi.cgi intending to do harm to those around. badcgi.cgi simply deletes /usr/victim/victim1 as a demonstration of its power — but it could do many worse things. This file belongs to webuser and webgroup. Normally, Peter, who is not webuser and does not belong to webgroup, would not be allowed to do anything to it, but if he gets at it through Apache (undefended by suEXEC), he can do what he likes.
Peter creates himself a little web site in his home directory, /home/peter, which contains the directories:
conf logs public_html
and the usual file go:
httpd -d /home/peter
The Config file is:
User webuser
Group webgroup
ServerName www.butterthlies.com
ServerAdmin sales@butterthlies.com
UserDir public_html
AddHandler cgi-script cgi
Most of this is relevant in the present situation. By specifying webuser and webgroup, we give any program executed by Apache that user and group. In our guise of Peter, we are going to ask the browser to log onto http://www.butterthlies.com/~peter — that is, to the home directory of Peter on the computer whose port answers to www.butterthlies.com. Once in that home directory, we are referred to the UserDir public_html, which acts pretty much the same as DocumentRoot in the web sites with which we have been ...
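The effect of the User and Group directives on badcgi.cgi can be modelled as a permission check on the directory that holds victim1. This is an added example, not code from the book; the numeric ids, the 0755 and 0644 modes and the ownership of /usr/victim are assumptions.

```python
import stat
from collections import namedtuple

# Constructed identities and file metadata: the numeric ids, the modes and the
# ownership of /usr/victim are assumptions, not values from the book.
Ident = namedtuple("Ident", "name uid gids")
Node = namedtuple("Node", "uid gid mode")

PETER = Ident("peter", 1001, {1001})
WEBUSER = Ident("webuser", 1002, {1002})               # gid 1002 = webgroup
VICTIM_DIR = Node(1002, 1002, stat.S_IFDIR | 0o755)    # /usr/victim
VICTIM1 = Node(1002, 1002, stat.S_IFREG | 0o644)       # /usr/victim/victim1


def perm_bits(who, node):
    """Return the rwx triplet that applies to `who`: owner, group or other."""
    if who.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in who.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def can_unlink(who, parent, target):
    """Unlink needs write+search on the parent directory; the target's own
    mode is irrelevant. A sticky parent adds an ownership test."""
    if who.uid == 0:
        return True
    if perm_bits(who, parent) & 0o3 != 0o3:    # w (2) and x (1) on the directory
        return False
    if parent.mode & stat.S_ISVTX:
        return who.uid in (parent.uid, target.uid)
    return True


def cgi_identity(script_owner, server_user, suexec):
    """Without suEXEC a CGI inherits the User/Group directives; with suEXEC a
    ~user request runs as the owner of that user's directory."""
    return script_owner if suexec else server_user


def badcgi_can_delete(suexec):
    """Return (identity the CGI runs as, whether it may delete victim1)."""
    runner = cgi_identity(PETER, WEBUSER, suexec)
    return runner.name, can_unlink(runner, VICTIM_DIR, VICTIM1)
```

The decision rests on the mode of /usr/victim rather than of victim1 itself, so tightening the file's own permissions would not protect it from a CGI running as webuser.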