Switching effective UID based on authentication

Switching effective UID based on authentication

Post by Stephen L. Favo » Fri, 02 Jul 1999 04:00:00



Can anyone think of a way to do the following:

I have an SQL DB (PostgreSQL) running which has been configured
with GRANTs to allow system users the proper read/write access to
the various tables in the DB.  When I go to access this through
apache with PHP, I'm forced to use the UID apache is running under
to access the DB.  This totally defeats the security in the
database.  What I would like to do is set up a .htaccess which has
the allowable system users in it and change the effective UID to
the user that logged in while PHP is accessing the DB so that
user's credentials are used by the DB.  This is on an Intranet, so
I'm not overly concerned with security of the web server.
Securing the DB is much more important.

 
 
 

Switching effective UID based on authentication

Post by John Imri » Fri, 02 Jul 1999 04:00:00



> Can anyone think of a way to do the following:

> I have an SQL DB (PostgreSQL) running which has been configured
> with GRANTs to allow system users the proper read/write access to
> the various tables in the DB.  When I go to access this through
> apache with PHP,

There is an SUID package that comes with Apachie, although I've never
used it. A quick search on the Apache web site should sort you out with
the required documentation.

 
 
 

1. UID / effective UID problem

Hi,

Consider a user U, programs A which is set-uid A, program B is set-uid B.
U, A, and B are all simple mortals. No root-privilege.

Now, U calls A. As part of it's job, A fork/execs B. U should not need to
know that B is involved.

So we have

            real UID       effective UID   saved-set-UID
-------------------------------------------------------------
U's shell       U               U               U

program A       U               A               A

program B       U               B               B

A 'knows' its user U calling, and can check his credentials in , say, A.allow.
I want B to be able to authorize A using it's B.allow. But it can't! It can't
tell that its being called by A.
It does know the original caller was U, but in my situation that's irrelevant.

So, I studied Steven's 'Advanced Programming in the Unix Environment', section
8.10. to find out that BSD has a setreuid(), which can swap the real and
effective uid.
All other calls don't seem to help in this particular problem.

Now it looks like this:

            real UID       effective UID   saved-set-UID
-------------------------------------------------------------
U's shell       U               U               U

program A       U               A               A
  setreuid(..)  A               U               A

program B       A               B               B

That's exactly what I want! B can now whether A has the right to call B.
U is no longer visible!

Great. But *sigh*, it's not in XPG4, which is our portability goal.

So here's the question:
How can B tell it's A calling, using stuff available in Xopen XPG4 ??

Any hints are very much appreciated!

--

Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.

2. Errors booting from CD-ROM

3. effective UID vs. Real UID with su - problem

4. HP LaserJet 4 Plus

5. setuid to a non-root uid for both effective&real uid

6. What's your machine name

7. Effective and Real UID and GID

8. PCMCIA IDE drive takes out my modem...

9. Set effective uid?

10. Spawning shells with different effective uid's

11. Effective vs. Real UIDs

12. setting an effective uid.

13. problems setting effective UID