Hi,
_________________________________________________________________

Background of Problem

At our [1]webhosting cooperative, each website is set up in a virtual host like this:

    <VirtualHost *>
        ServerName www.livingcosmos.org
        ErrorLog /var/log/apache/www.livingcosmos.org-error.log
        CustomLog /var/log/apache/www.livingcosmos.org-access.log combined
        IndexOptions FancyIndexing FoldersFirst
        ServerAlias livingcosmos.org
        ServerAdmin [EMAIL PROTECTED]
        DocumentRoot /home/terry/public_html/livingcosmos.org
        <Location />
            Options +Includes +IncludesNOEXEC
        </Location>
        Alias /pipermail /var/lib/mailman/archives/public
        <Location />
            AddHandler perl-script .html
            PerlModule HTML::Mason::ApacheHandler
            PerlHandler HTML::Mason::ApacheHandler
        </Location>
        PerlSetVar MasonDataDir /home/terry/public_html/livingcosmos.org/mason_data
        User www-data
        Group www-data
    </VirtualHost>

Unfortunately, we have been hit by a [2]uselib() privilege elevation exploit. As a result, our sysadmins have decided that any CGI/mod_perl process has to run as a specific user instead of as www-data.

At the moment, the sysadmins see no way to run mod_perl such that the mod_perl requests can run as a specific user. Unless I can find a way to have mod_perl processes for each virtual host run as a specific user, we will have mod_perl shut down.
_________________________________________________________________

The Question

How can we set up our virtual hosts so that each one runs as a specific Unix user?
_________________________________________________________________

Last updated 12-Jul-2005 21:50:04 GMT

References

1. http://hcoop.net/
2. http://packetstorm.rlz.cl/0501-exploits/uselib24.c

-- 
Carter's Compass: I know I'm on the right track when, by deleting something, I'm adding functionality.