
Re: [sympa-users] SuidPerl - is it REALLY required?

Subject: The mailing list for listmasters using Sympa

  • From: Cefiar <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] SuidPerl - is it REALLY required?
  • Date: Fri, 2 Dec 2005 11:33:56 +1100

On Friday 02 December 2005 10:23, Dale Ghent wrote:
> I really question the design of sympa if it relies on suidperl.
>
> Do a Google search for "suidperl". Page after page of security issues
> are returned. Are you guys crazy? Those search results speak for
> themselves.

> Since I'm new to Sympa, can someone tell me what suidperl is used for
> and is there a more sane way of accomplishing what Sympa needs to do
> without having to resort to carte blanche root privileges?

The use of suidperl comes from LONG ago. It's quite possible to run Sympa
without suidperl.

Basically, the reason that suidperl was needed was that the web interface
script needs to run as the user sympa runs as. There are (at least) two other
ways to do this:
1. Use SuExec in Apache or your webserver of choice to run the script as the
sympa user.
2. Run sympa as the user Apache or your webserver of choice runs as (or run
your entire webserver as the sympa user).

Of these, I use #1 on the systems I set up. I don't really like option #2, as
it means that if there is a vulnerability the webserver (or anything executed
by the webserver) could do anything to sympa. By using option #1 and limiting
what it can do as the sympa user to just the sympa scripts, you limit the
scope of security issues greatly. It doesn't mitigate bad security in the
setup/config of your webserver, but if that's taken care of, it doesn't make
anything worse.

--
Stuart Young - aka Cefiar - address@concealed
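
An added example, not part of the original message or of Sympa: a pre-flight audit for option #1 above, checking a CGI script against conditions Apache suEXEC documents for its targets (not setuid/setgid, owned by the target user, script and directory not writable by group or other). The script path and user name are arguments the operator supplies; nothing here is Sympa's own layout.

```shell
#!/bin/sh
# Added example: audit a CGI script before handing it to Apache suEXEC.
# Usage: sh audit.sh /path/to/script target_user   (both supplied by the operator)

# Print the owning user name of a path.
owner_of() { ls -ld -- "$1" | awk '{print $3}'; }

# Succeed if group or other has write permission on a path.
loose_write() {
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print findings for SCRIPT run as USER; return the number of failed checks.
check_suexec_target() {
    script=$1; user=$2; fails=0
    if [ ! -f "$script" ]; then
        echo "FAIL: $script is not a regular file"; return 1
    fi
    if [ -u "$script" ] || [ -g "$script" ]; then
        echo "FAIL: setuid/setgid bit set; suEXEC refuses such targets"
        fails=$((fails + 1))
    fi
    if [ "$(owner_of "$script")" != "$user" ]; then
        echo "FAIL: owner is $(owner_of "$script"), expected $user"
        fails=$((fails + 1))
    fi
    if loose_write "$script"; then
        echo "FAIL: script is writable by group or other"
        fails=$((fails + 1))
    fi
    if loose_write "$(dirname -- "$script")"; then
        echo "FAIL: containing directory is writable by group or other"
        fails=$((fails + 1))
    fi
    if [ "$fails" -eq 0 ]; then echo "OK: $script passes the checks for $user"; fi
    return "$fails"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    check_suexec_target "$1" "$2"
fi
```

A script left over from a suidperl-style install fails the first check, which is the state to clear before switching to suEXEC.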


