Apache SuEXEC安全模型的分析与改进

3711200011JOURNALOFCOMPUTERRESEARCH&DEVELOPMENTVoI.37No.11Nov.20001999-10-102000-03-22.1962.1972.1935.ApacheSUEXEC100039Internet!CGI.Safe-PerI3PerICGICGI#CGI.ApacheSuEXEC4Cgiwrapper5!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.3.1SheII.PerI.SheII.PerI..CGI.2.3.3.Apache6SuEXECCGI.SuEXEC.CGI..!=/cgi-bin/mtMETHOD=PostINPUTNAME=AddressSIZE=256INPUTNAME=SubmitVALUE=INPUTNAME=ResetVALUE=/FORM2mtpImaiIto=!getnamefrominputopenMAILI/usr/Iib/sendmaiImaiItoprintMAILmaiImaiItoncIoseMAILWeb..emaiIsomebody@somewhere.commaiIbadguy@hacker.org/etc/passwdopen/usr/Iib/sendmaiIsomebody@somewhere.commaiIbadguy@hacker.org/etc/passwdsomebody@somewhere.compasswdbadguy@hacker.orgWeb./usr/Iib/sendmaiIsomebody@somewhere.com/bin/rm-rf!.Web.64312000CGI...CGICGISheII.CGI..3ApacheSUEXECCGI.3ApacheSUEXECApacheWebNCSA..bUg2.ApacheSUEXECWebCGISSIserversideincIUde.ApacheforkCGIwrapper.3.1ApacheSUEXECApacheIDCGIWeb.setUid.ApacheSUEXECHTTPSUEXECIDCGISSIWebIDApacheCGISSIIDIDSUEXEC.SUEXECSUEXEC.SUEXEC...SUEX-EClSUEXEC2.SUEXEC202.l.Web.l.ll2CGISUEXECSUEXEC.2SUEXEC..SUEXEC!!020.743lllApacheSUEXEC1SUEXECChar!progSuEXEC/uSr/IocaI/apache/Sbin/SuexecStructpasswd!pwIDStructstatdirinfoStructstatprginfoStructgroup!grCGICGIChar!cmdCGIHTTPChar!actualunameSuEXECSuEXECChar!actualgnameSuEXECSuEXECChar!targetunameCGIHTTPChar!targetgnameCGIHTTPChar!documentrootHTML/uSr/IocaI/apache/Share/htdocSChar!userdirsuffixPubIichtmIChar!logfile/uSr/IocaI/apache/var/Iog/SuexecIogChar!safepath/uSr/IocaI/bin/uSr/bin/binChar!callerIDSuEXEC==0uidUIDMINexit107UIDUIDMINGetpwuiduidIDifstrcmpclllerIDpw-pwnameexit103SuEXECHTTPdaemonSuEXECGetpwnamtargetunameCGIGetgrnamtargetgnameCGIifgid==0gidGIDMINexit108GIDGIDMINLstatcmd&prginfoCGIiflstatcwd&dirinfo=0SISDIRdirinfo.stmodeexit115CWDifdirinfo.stmode&SIWOTHdirinfo.stmode&SIWGRPexit116CWDiflstatcmd&prginfo=0SISLNKprginfo.stmodeexit117CGIifprginfo.stmode&SIWOTHprginfo.stmode&SIWGRPexit118ifprginfo.stmode&SISUIDprginfo.stmode&SISGIDexit119setuidorsetgid84312000l2SUEXEC!!SUEXECsetUid!!CGI!ApacheSUEXECSUEXECl!943lllApacheSUEXEC2CGIargu3..3uidgidrootuidgid.SUEXECrootCGIuidgidSUEXECWeb.!SUEXEC..!.1ftprlogintelenet2CGI.22mtmailto=&getnamefrominpUtUnlessmailto=~/^\w.!ndieabc@somewhere.com3sUEXECCGI4Web..23CGI.!.#.SUEXEC1.CGI..33Unix432..2Shell.05312000&~~\I!\n\r3.3..SuEXECSuEXECSuEXECSuEXEC2...!.3..SuEXEC..setrlimitarularu2arularu2.structconfIonglimitcpu/!CPU!/Ionglimitnproc/!!/Ionglimitmemd/!!/Ionglimitmemu/!!/ifconflimitcpu=NULLifsetrlimitRLIMITCPUconflimitcpu=0logunixerrsetrlimitNULLfaiIedtosetCPUusageIimitrseruer!#!l.ApacheWeblhtmIRootDoc2mt.pI/cgi-bin/.SuEXECcpsuexec/usr/IocaI/etc/httpd/sbin/suexecENTERchownroot/usr/IocaI/etc/httpd/sbin/suexecENTERchmod47ll/usr/IocaI/etc/httpd/sbin/suexecENTER2WeblFormsomebody@somewhere.commaiItjIuo@cc5.gsbustc.ac.cn/etc/passwdtjIuo@cc5.gsbustc.ac.cnE-maiI./etc/passwd..3.lSuEXECargu3SheII.4.$.l53lllApacheSuEXEC4.CGISuEXEC.CGI.CGI.193!#$.WebSpoofingAnInternetcongrame.DepartmentofComputerSciencePrincetonUniversityTechRep540-9619978BrussinDI.AwhitepaperanaiyzingtheMSChiddenformfieidWebsitevuinerabiiity.http//!#$.Thesafe-tcisecuritymodei.InProc1998UsenixAnnaiTechnicaiConfUsenixAssociate.BerkeieyCaiif1998.27128225312000ApacheSuEXEC安全模型的分析与改进作者：罗铁坚，徐海智，董占球，LUOTie-Jian，XUHai-Zhi，DONGZhan-Qiu作者单位：中国科学技术大学研究生院,北京,100039刊名：计算机研究与发展英文刊名：JOURNALOFCOMPUTERRESEARCHANDDEVELOPMENT年，卷(期)：2000,37(11)参考文献(9条)1.LevyJThesafe-tclsecuritymodel19982.BrussinDIAwhitepaperanalyzingtheMSChiddenformfieldWebsitevulnerability19983.FeltenEWWebSpoofing:AnInternetcongrame19974.查看详情19995.NathanNeulingerCgiwrapper6.查看详情19997.MalrolmBeattieSafecgiperl19998.查看详情19999.JasonNvgentServerSideIncludesandCGISecurity1998本文链接：