Slide 1

Slide 1 text

͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ WebΞϓϦέʔγϣϯ࣮ߦ؀ڥʹ ͓͚ΔηΩϡϦςΟ 2019/01/25 ্ڃݚڀһ দຊ ྄հ ෱ԬΏΔͬͱITަྲྀձ vol.9ʮηΩϡϦςΟͷ࿩Λฉ͜͏ʯ

Slide 2

Slide 2 text

2 ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһ ɾגࣜձࣾGrooves Forkewll ٕज़ސ໰ ɾϖύϘݚڀॴ ٬һݚڀһ ݚڀސ໰ ɾηΩϡϦςΟɾΩϟϯϓߨࢣ ɾ৘ใॲཧֶձ Πϯλʔωοτͱӡ༻ٕज़ݚڀձ ֤छҕһ ɾژ౎େֶത࢜ʢ৘ใֶʣ দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory

Slide 3

Slide 3 text

3 WebΞϓϦέʔγϣϯΛ࣮ߦ͢Δ؀ڥͰ͋ΔWebαʔόɼ͞Βʹ͸ɼϗε ςΟϯάαʔϏε΍Ϋϥ΢υαʔϏεɼVM΍ίϯςφͱ͍༷ͬͨʑͳ؀ڥ͕ ଘࡏ͠·͢ɽ ຊൃදͰ͸ɼͦΕΒΛͰ͖Δ͚ͩ੔ཧ্ͨ͠ͰɼOSͷηΩϡϦςΟʹؔ͢Δ جૅ஌ࣝΛ਎ʹ͚ͭΔͨΊʹɼϗεςΟϯάαʔϏεͷΑ͏ͳWebΞϓϦ έʔγϣϯ࣮ߦ؀ڥʹ͓͍ͯɼHWϦιʔείετ΍ੑೳΛ୲อͭͭ͠ɼη ΩϡϦςΟΛ୲อ͢ΔͨΊͷ༷ʑͳपลٕज़ʹ͍ͭͯ঺հ͠·͢ɽ ࠓ೔ͷ࿩

Slide 4

Slide 4 text

4 1. WebαʔόͷԾ૝Խɾִ཭ٕज़ͷ෼ྨ 2. Webαʔόʹ͓͚Δಈతίϯςϯπͱ೷͖ݟ 3. CGI࣮ߦํࣜͷηΩϡϦςΟ 4. DSO࣮ߦํࣜͷηΩϡϦςΟ 5. ͦͷଞ࠷৽ͷݚڀಈ޲ ໨࣍

Slide 5

Slide 5 text

1. WebαʔόͷԾ૝Խɾִ཭ٕज़ͷ෼ྨ

Slide 6

Slide 6 text

6 1. XenɼKVM΍VMware౳ͷԾ૝ϚγϯͰϗετΛ෼͚Δํ๏ 2. LXCɼOpenVZɼDocker౳ͷίϯςφܕԾ૝ԽͷΑ͏ʹϑΝΠϧγεςϜ΍ ໊લۭؒΛૢ࡞͢ΔγεςϜίʔϧʹΑͬͯOS্ʹෳ਺ͷԾ૝తͳִ཭؀ڥ Λ༻ҙ͠ϗετΛ෼͚Δํ๏ 3. IPΞυϨε΍ϙʔτ୯ҐͰෳ਺ͷϗετΛ෼཭֤͠ϗετʹݸผͷϓϩηεΛ ༻ҙͯ͠ىಈͤ͞Δख๏ → WebΞϓϦέʔγϣϯαʔό౳ 4. ୯Ұͷαʔόϓϩηε܈Ͱෳ਺ͷϗετΛԾ૝ϗετํࣜʹΑΓѻ͏ख๏ Ϋϥ΢υɾϗεςΟϯάͷϗετͷִ཭෼ྨ

Slide 7

Slide 7 text

7 • ϗετ୯ҐͰ(1)VMϞσϧɺ(2)ίϯςφϞσϧɺ(3)୯७ϓϩηεϞσϧͰ෼཭ • (1)͔Βॱʹִ཭Ϩϕϧ͕ߴ͘ίετ΍༻్ʹ߹Θܾͤͯఆ͢Δ • (2)ͷϞσϧͷయܕతͳߏ੒ αʔόӡ༻΍ηΩϡϦςΟΛॏࢹͨ͠৔߹

Slide 8

Slide 8 text

8 • unshare(): IPCɺnetɺmountɺpidɺuserͳͲͷ໊લۭؒΛִ཭ • chroot(): rootσΟϨΫτϦͷมߋ • Ծ૝Ϛγϯͱൺֱִͯ͠཭౓͸௿͍͕ऩ༰αʔό୯ҐͰͷऩ༰ޮ཰͸ߴ͍ • OSͷγεςϜྖҬ͔ΒϑΝΠϧγεςϜɾ໊લۭؒͰִ཭Մೳ • chroot؀ڥʹϑΝΠϧϕʔεͰॆ࣮ͨ͠ϥΠϒϥϦ؀ڥΛߏஙՄೳ • ϗετ୯ҐͰෆඞཁͳίϚϯυ΍ϥΠϒϥϦΛ഑ஔ͠ͳ͍ͱ੍͍ͬͨޚ͕Մೳ unshare()౳ͰϓϩηεΛִ཭͢ΔϞσϧ(2)

Slide 9

Slide 9 text

9 • ϗετ୯ҐͰݸผͷJVMΛ༻ҙ • ΞϓϦέʔγϣϯαʔόʹΑΔ୯७ͳϓϩηε෼཭Ϟσϧ(3)ʹ֘౰ • SteinʹΑΔख๏ [1] • (3)ͷख๏ϕʔεͰҟͳΔϢʔβݖݶͰϓϩηεΛىಈ͢Δख๏ • ෳ਺ͷαʔό΁εέʔϧΞ΢τ͢Δ͜ͱ͕ࠔ೉Ͱ͋Δ՝୊΋͋Δ JavaServlet΍Ruby on RailsͷϞσϧ(3) [1] L. Stein, “SBOX, put CGI scripts in a box,” USENIX Annual Technical Conference, General Track, pp.145–155, June 1999.

Slide 10

Slide 10 text

10 • (4)୯Ұͷαʔόϓϩηε܊Ͱෳ਺ͷϗετΛԾ૝తʹॲཧ͢Δߏ੒ • WebαʔόͷԾ૝ϗετํࣜͱΑ͹ΕΔϚϧνςφϯτΞʔΩςΫνϟ • ϦιʔείετΛޮ཰Խͤ͞ΔͨΊʹ͸౎߹ͷྑ͍ߴूੵϞσϧ ߴूੵʹϗετΛऩ༰͢Δ৔߹ͷϞσϧ

Slide 11

Slide 11 text

11 • Ծ૝ϗετํࣜʹΑΔϚϧνςφϯτΞʔΩςΫνϟΛ࠾༻ • ୯ҰͷҰൠతͳWebαʔόʹ਺ສҎ্ͷϗετΛऩ༰Մೳ • εϖοΫͱͯ͠CPU24εϨουɺϝϞϦ32GBఔ౓ͷWebαʔόΛ૝ఆ • ϗεςΟϯάαʔϏεͰྑ͘࠾༻͞ΕΔϞσϧͰ΋͋Δ ߴूੵWebαʔόͱ͸

Slide 12

Slide 12 text

12 • ΞΫηεͷ߹ͬͨϗετ໊ʹରԠͨ͠υΩϡϝϯτϧʔτΛಈతʹղੳ • Ծ૝ϗετ਺ʹϓϩηε਺͕ґଘ͠ͳ͍ͨΊߴूੵऩ༰࣌ʹޮ཰͕ྑ͍ • ڞ༗ετϨʔδʹσʔλΛల։͢Ε͹Webαʔό܈ͷෛՙ෼ࢄ͕Մೳ • σʔλ΍ઃఆ͕Webαʔόʹݻఆ͞Εͳ͍ͨΊ • ಈతίϯςϯπͷ࣮ߦʹ༷ʑͳ޻෉͕ඞཁͱͳΓෳࡶͰ͋Δ • Ϧιʔεڝ߹໰୊΍ηΩϡϦςΟͷ୲อɺߴूੵ࣌ͷੑೳ΍ӡ༻ٕज़ͷ໰୊ Ծ૝ϗετํࣜͷϝϦοτͱσϝϦοτ

Slide 13

Slide 13 text

13 • Ծ૝ϚγϯϨϕϧͷ෼཭ • ߴूੵʹϗετΛऩ༰͢Δʹ͸ෆ޲͖ɾηΩϡϦςΟॏࢹͷ৔߹ • ϓϩηεϨϕϧͷ෼཭ • ϗετ਺ʹґଘͯ͠ϓϩηε਺͕૿Ճ͢ΔͨΊߴूੵʹ͸ෆ޲͖ • ୯Ұͷαʔόϓϩηε܈Ͱෳ਺ͷϗετΛԾ૝తʹ෼཭ • ϗετ਺ʹґଘ͠ͳ͍ͨΊߴूੵʹద͍ͯ͠Δ • ಛఆͷϗετͷϦιʔεઐ༗͕αʔόϓϩηεͷϦιʔεΛઐ༗͢Δ ߴूੵऩ༰ʹ͓͚Δϗετִ཭·ͱΊ

Slide 14

Slide 14 text

2. Webαʔόʹ͓͚Δಈతίϯςϯπͱ ೷͖ݟ

Slide 15

Slide 15 text

15 • CGIʢCommon Gateway Interfaceʣ࣮ߦํࣜ • DSOʢDynamic Shared Objectʣ࣮ߦํࣜ Webαʔόʹ͓͚Δಈతίϯςϯπ࣮ߦํࣜ

Slide 16

Slide 16 text

16 CGI࣮ߦํࣜ $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱൺֱతେ͖ͳ ΠϯλϓϦλόΠφϦʢ1)1ͩͱQIQDHJʣͷ FYFDWF ͕ඞཁ

Slide 17

Slide 17 text

17 DSO࣮ߦํࣜ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ QBSTF SVO αʔόϓϩηεʹΠϯλϓϦλΛϥΠϒϥϦ ͱͯ͠௚઀૊ΈࠐΜͰ͓͘

Slide 18

Slide 18 text

18 • CGI࣮ߦํࣜ • ΠϯλϓϦλͷෳ਺όʔδϣϯΛ࣮ߦͰ͖Δ • DSO࣮ߦํࣜ • ੑೳ͸ߴ͍͕جຊతʹ͸୯ҰͷWebαʔόʹΠϯλϓϦλΛෳ਺όʔδϣϯ ࣋ͯͳ͍ • ࣮ߦํࣜʹΑΒͣݖݶ෼཭ػೳΛར༻͠ͳ͍৔߹͸Webαʔόϓϩηεͱಉ༷ ͷΦʔφͰ࣮ߦ͞ΕΔͨΊηΩϡϦςΟ্ͷ՝୊͕͋Δ ಈతίϯςϯπͷ࣮ߦํࣜͷͦͷଞಛ௃

Slide 19

Slide 19 text

19 • OSͷγεςϜྖҬͰWebαʔόϓϩηεΛҰൠϢʔβͷݖݶͰىಈ • ҰൠϢʔβͰӾཡՄೳͳΦʔφઃఆͷϑΝΠϧ΍σΟϨΫτϦ͸ӾཡՄೳ • Webαʔόϓϩηε͸Ծ૝ϗετͷશͯͷίϯςϯπΛૢ࡞͢Δඞཁ͕͋Δ • ΞΫηε੍ޚΛ͠ͳ͍৔߹ɺશͯͷԾ૝ϗετ͕૬ޓʹίϯςϯπΛ೷͖ݟՄ ೳʹͳΔ Ծ૝ϗετํࣜͷݖݶ෼཭

Slide 20

Slide 20 text

20 Ծ૝ϗετؒͰͷίϯςϯπ೷͖ݟ w JOEFYDHJ͸BQBDIFݖݶͰ࣮ߦ w JOEFYDHJͷதͰ֎෦ίϚϯυ࣮ߦʹ ΑΓIPTUͷJOEFYDHJΛSFBE͢Δͱ ಺༰͕ӾཡՄೳ w JOEFYDHJͷதʹECQBTT͕ॻ͔Εͯ ͍Δ͜ͱ΋͋Δ

Slide 21

Slide 21 text

21 • suEXECͷΑ͏ͳΞΫηε੍ޚػߏΛར༻ • ಈతίϯςϯπͷ࣮ߦΦʔφΛαʔόϓϩηεͷΦʔφͱม͔͑ͯΒ࣮ߦ • ֤ϗετ୯ҐͰ࣮ߦΦʔφΛݸผʹมߋ͢Δ͜ͱͰ೷͖ݟΛ๷͙ Ծ૝ϗετํࣜͷΞΫηε੍ޚͷجຊઓུ

Slide 22

Slide 22 text

3. CGI࣮ߦํࣜͷηΩϡϦςΟ

Slide 23

Slide 23 text

23 • VirtualHostʹ͓͍ͯଞϗετྖҬΛӾཡͰ͖ͳ͍ߏ੒ΛߏஙՄೳ • CGI࣮ߦ࣌ʹ࣮ߦΦʔφΛมߋ͢ΔΞʔΩςΫνϟ CGI࣮ߦํࣜͱsuEXECͷجຊઓུ

Slide 24

Slide 24 text

24 CGI࣮ߦํࣜ $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱ ൺֱతେ͖ͳόΠφϦʢ1)1ͩͱQIQDHJόΠφϦʣͷ FYFDWF ͕ඞཁ

Slide 25

Slide 25 text

$(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ ˞$(* TV&9&$

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

27 • DoerschΒʹΑΔख๏[1] • suEXEC࣌ʹ֤ϗετ؀ڥͰchroot()γεςϜίʔϧʹΑΓִ཭ • ϗετྖҬ֎ͷϑΝΠϧΛӾཡ͢Δ͜ͱ͕Ͱ͖ͳ͍ • ϗετ୯ҐͰݸผʹϥΠϒϥϦ΍࣮ߦ؀ڥΛ༰қ͢Δඞཁ͸͋Δ • ෳ਺ͷ࣮ߦ؀ڥͷݻఆతͳϥΠϒϥϦ͸ϋʔυϦϯΫͰࢀর͢Δ͜ͱʹΑΓ ࣮ߦ؀ڥߏங΍࢖༻༰ྔͷίετΛ࡟ݮՄೳ suEXECͱchrootͷ૊Έ߹ΘͤʹΑΔִ཭ख๏

Slide 28

Slide 28 text

$(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS DISPPU ޙ TFUVJE TFUHJE GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF DISPPU&OWJSPONFOU ˞%PFSTDIΒͷख๏

Slide 29

Slide 29 text

29 • CGIϓϩάϥϜ࣮ߦ୯ҐͰϓϩηεͷੜ੒ɾഁغ͕ඞཁͱͳΓੑೳ͕௿͘ͳΔ • suEXECϓϩάϥϜͷexecv()΋ෳ਺ճ࣮ߦ • ϓϩάϥϜͷΠϯλϓϦλΛ࠷ॳ͔Βىಈ͢Δඞཁ͕͋Γىಈίετ͕ߴ͍ • DSOͷΞΫηε੍ޚͷੑೳͱൺֱͯ͠ޙड़ CGI࣮ߦํࣜͷΞΫηε੍ޚͷ՝୊

Slide 30

Slide 30 text

4-1. DSO࣮ߦํࣜͷηΩϡϦςΟ (ΞϓϦέʔγϣϯϨΠϠʔͰͷΞΫηε੍ޚ)

Slide 31

Slide 31 text

31 • αʔόϓϩηεʹ૊ΈࠐΜͩΠϯλϓϦλ͕ϓϩάϥϜΛ௚઀࣮ߦ • ϦΫΤετ୯ҐͰϓϩηεͷੜ੒ɾഁغ͕ෆཁ • ΠϯλϓϦλΛ࠷ॳ͔Βϩʔυ͢Δඞཁ΋ແ͠ • εΫϦϓτͷߦ಄ʹShebangߦͷهड़΋ඞཁແ͠ • αʔόϓϩηεͷΦʔφͰ࣮ߦ͞ΕΔͨΊηΩϡϦςΟʹ஫ҙ͕ඞཁ • ΞΫηε੍ޚख๏͕͍͔ͭ͘ఏҊ͞Ε͖ͯͨ DSO࣮ߦํࣜͷϝϦοτͱݖݶ෼཭

Slide 32

Slide 32 text

32 DSO࣮ߦํࣜ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ QBSTF SVO αʔόϓϩηεʹΠϯλϓϦλΛϥΠϒϥϦ ͱͯ͠௚઀૊ΈࠐΜͰ͓͘

Slide 33

Slide 33 text

33 • DSO࣮ߦํࣜͰ͋Δmod_php͸ηʔϑϞʔυͱ͍͏ػೳ͕͋ͬͨ • Ծ૝ϗετํࣜͷݖݶ෼཭Λ࣮ݱ͢ΔͨΊͷࢼΈ [2] • PHPಛ༗ͷηΩϡϦςΟػߏͰ͋Γ൚༻ੑʹ͚ܽͨ • OS΍ϑΝΠϧγεςϜͷݖݶ෼཭ͷ՝୊ΛΞϓϦέʔγϣϯϨΠϠʔͰ࣮ݱ ͢Δʹ͸ΞʔΩςΫνϟ্ݱ࣮తͰ͸Μ͔ͬͨ • PHP5.3.0Ͱ࢖༻͕ඇਪ঑ͱͳΓɺPHP5.4.0Ͱػೳ࡟আ PHPͷηʔϑϞʔυ <>IUUQQIQOFUNBOVBMKBGFBUVSFTTBGFNPEFQIQ

Slide 34

Slide 34 text

ϝοηʔδ

Slide 35

Slide 35 text

DSO࣮ߦํࣜͷηΩϡϦςΟ (਌αʔόϓϩηεͷrootԽΛར༻ͨ͠ΞΫηε੍ޚ) 4-2.

Slide 36

Slide 36 text

36 • NakamitsuΒʹΑΔख๏ [3] • ApacheϞδϡʔϧmod_suid2ͱ࣮ͯ͠૷ • αʔόϓϩηεΛrootݖݶͰىಈ͓͖ͯ͠ɺϦΫΤετ୯ҐͰݖݶΛมߋ rootͷαʔόϓϩηεͰݖݶ෼཭͢Δख๏ [33] Hideo N, mod-suid2, http://code.google.com/p/ mod-suid2/

Slide 37

Slide 37 text

37 DSO࣮ߦํࣜ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ QBSTF SVO αʔόϓϩηεʹΠϯλϓϦλΛϥΠϒϥϦ ͱͯ͠௚઀૊ΈࠐΜͰ͓͘

Slide 38

Slide 38 text

1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO ˞NPE@TVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ

Slide 39

Slide 39 text

39 • DSO࣮ߦํࣜͷϝϦοτͰ͋ΔύϑΥʔϚϯεͷԸܙ͕ಘΒΕͳ͍ • ϦΫΤετ୯ҐͰࢠαʔόϓϩηεΛੜ੒ɾഁغ͢Δඞཁ͕͋Δ • ࢠαʔόϓϩηεͷੜ੒ɾഁغ͸CGIϓϩηεͷੜ੒ɾഁغΑΓ΋ίετߴ • ݁ՌతʹCGIํࣜͰϓϩάϥϜΛ࣮ߦ͢ΔΑΓ΋ੑೳ͕௿Լ • αʔόϓϩηεʹ೚ҙͷίϚϯυΛ࣮ߦ͢Δ੬ऑੑ͕͋Δ৔߹ • ༰қʹrootݖݶΛ࣋ͬͨϓϩηεΛୣΘΕΔ mod_suid2ͷ՝୊

Slide 40

Slide 40 text

40 • αʔόϓϩηεΛrootͰىಈ͠ηΩϡΞOSͰrootͷಛݖΛҰ෦੍ݶ͓ͯ͘͠ • ϦΫΤετຖʹfork()ͰϓϩηεΛੜ੒͠ɺϓϩηεͷݖݶΛมߋ͔ͯ͠Βί ϯςϯπΛ࣮ߦɺϓϩηεΛഁغ͢Δख๏ • mod_suid2ΑΓ҆શͰ͋Δ͕ϦΫΤετ୯ҐͰϓϩηεͷੜ੒ɾഁغ͕ඞཁ • ݪཧతʹDSO࣮ߦํࣜͰ͋ͬͯ΋suEXECΛ࢖ͬͨCGIఔ౓ͷੑೳʹͳΔ ݪΒʹΑΔख๏ [4] [4] ݪ େีɼඌ྄࡚ଠɼฌ಄࿨थɼதࢁହҰɼ“Harache: ϑΝΠϧॴ༗ऀͷݖݶͰಈ࡞͢Δ WWW αʔόɼ” ৘ॲֶ࿦ɼ vol.46, no.12, pp.3127–3137, 2005.

Slide 41

Slide 41 text

41 • CGI࣮ߦํࣜ(chroot+suEXEC)ɺCGI࣮ߦํࣜ(suEXEC)ɺDSO(mod_suid2) • ಉ࣌઀ଓ਺Λ1͔Β450ʹมԽͤ͞ͳ͕ΒඵؒͷϨεϙϯε਺Λܭଌ • PHPͰจࣈྻΛग़ྗ͢Δ͚ͩͷCGIϓϩάϥϜΛར༻ ࢀߟ: ੑೳධՁ

Slide 42

Slide 42 text

42 ࣮ݧ؀ڥ

Slide 43

Slide 43 text

No content

Slide 44

Slide 44 text

DSO࣮ߦํࣜͷηΩϡϦςΟ (ಛݖΛ׆༻ͨ͠ϓϩηε୯ҐͷΞΫηε੍ޚ) 4-3.

Slide 45

Slide 45 text

45 • ੑೳ໘ʹ͓͍ͯCGI͸ຊདྷద͍ͯ͠ͳ͍ • ऩ༰਺͕૿͑ΔͱϓϩηεͷϝϞϦ࢖༻ྔ͕૿͑fork()ͷޮ཰௿Լ • ͦ΋ͦ΋ϦΫΤετ୯ҐͰfork()͢ΔͷͰ஗͍ • DSO͸ຊདྷfork()Λ࣮ߦ͠ͳ͍ͨΊߴ଎ʹಈ࡞͢Δ͕ • ैདྷͷDSOͷΞΫηε੍ޚ͸ϦΫΤετຖʹfork()Λ࣮ߦ͢Δ ߴूੵϚϧνςφϯτͱCGIɾDSOͷੑೳ

Slide 46

Slide 46 text

46 • NakamitsuΒʹΑΔmod_ruid2 [6] • rootͰαʔόϓϩηεΛىಈ͢ΔͷͰ͸ͳ͘rootͷಛݖΛࡉ෼Խ্ͨ͠ͰҰൠ ϢʔβʹಛݖΛҰ෦༩͑Δ → Linux Capability • ΦʔφΛมߋ͢ΔCAP_SETUIDͱCAP_SETGIDΛ༩͑Ε͹ྑ͍ ҰൠϢʔβͷϓϩηεͰݖݶ෼཭͢Δख๏ [6] Hideo, N, mod-ruid2, https://github.com/mind04/mod-ruid2 ΦϑΟγϟϧͷURL͕΋͏ݟ౰ͨΒͳͯ͘୅ΘΓʹmind04͞Μ͕ఏڙΛଓ͚͍ͯΔ໛༷

Slide 47

Slide 47 text

47 • ೚ҙΞΫηε੍ޚʢDACʣ • ࣗ਎͕࡞ͬͨϦιʔε΁ʹΞΫηε͸ࣗ਎͕ܾఆ • UNIXͷඪ४తͳϞσϧ • ڧ੍ΞΫηε੍ޚʢMACʣ • ࣗ਎͕࡞ͬͨϦιʔεʹ׬શʹΞΫηεͰ͖ΔΘ͚Ͱ͸ͳ͍ • ؅ཧऀ͕ܾఆ → SELinuxɺTOMOYO Linux ΞΫηε੍ޚϞσϧͷ෮श

Slide 48

Slide 48 text

48 • Linux2.2Ҏ߱ • ैདྷͷ2֊૚ͷDACݖݶϞσϧͷ֦ு • εϨου୯Ґʹ੍ޚՄೳͳಛݖάϧʔϓ • εϨου͸3छྨͷcapability setΛ࣋ͭ • PermittedɺEffectiveɺInheritable • capability setͷ૊Έ߹ΘͤʹΑͬͯcapabilityͷݖݶΛ੍ޚ Linux Capabilities

Slide 49

Slide 49 text

49 • Permitted͸ڐՄ • EffectiveͷηοτɾΞϯηοτ͕Մೳ • PermittedΛΞϯηοτ͢Δͱ໭Εͳ͍ • Effective͸࣮ޮ • ࣮ࡍͷݖݶՄ൱νΣοΫ͸EffectiveΛ൑ఆ͢Δ • Permitted͕ڐՄ͞Ε͍ͯΕ͹Ξϯηοτޙͷ࠶ηοτ͕Մೳ PermittedͱEffective

Slide 50

Slide 50 text

50 • ໿40άϧʔϓʹ෼ׂ͞Ε͍ͯΔ • uidɾgidมߋͷಛݖ • ಛݖϙʔτʢ1024ҎԼʣͷόΠϯυಛݖ • chrootͷಛݖ • rebootͷಛݖͳͲͳͲ…….. ಛݖͷࡉ෼Խ

Slide 51

Slide 51 text

51 • ಛݖΛ͍࣋ͬͯΔҰൠϢʔβͰ΋execve()࣌ʹಛݖ͕མͱ͞ΕΔ • ͨͩ͠ɺrootݖݶͰexecve()ͨ͠৔߹͸ಛݖΛҾ͖ܧ͛Δ • ϑΝΠϧࣗମʹಛݖΛઃఆͨ͠৔߹͸execve()࣌ʹಛݖΛҾ͖ܧ͙ • ͋Β͔͡ΊϑΝΠϧʹಛݖΛઃఆ͢Δඞཁ͋Γ • ೚ҙͷίϚϯυΛ೚ҙͷϢʔβͰಛݖΛ༩࣮͑ͭͭߦ͢Δ৔߹͸Ͱ͖ͳ͍ʁ • ҰൠϢʔβͰͷexecve()͕ඞཁɺ͔ͭɺϑΝΠϧʹಛݖΛઃఆͰ͖ͳ͍ ࣮૷࣌ͷ஫ҙ఺΍੍໿ͳͲ

Slide 52

Slide 52 text

52 • Linux4.3͔Β௥Ճ͞Εͨcapability • ࢠϓϩηεʹҾ͖ͮͭಛݖ܈ • ҰൠϢʔβͰfile capability͕ͳͯ͘΋execve()ޙʹҾ͖ܧ͛Δ • γϯϓϧͰ͋Δ͕࢖͍ํ࣍ୈͰ͸ඇৗʹڧྗ • ίϯςφ࣮૷࣌ʹAmbient capabilities͸͋͑ͯΞϯηοτ͢Δ࣮૷΋ • exeve()ޙͷ਌͔Βͷҙਤ͠ͳ͍ಛݖͷҡ࣋ͱঢ֨Λ๷ࢭ͢ΔͨΊ Ambient capabilities

Slide 53

Slide 53 text

53 • mod_ruid2Λ࢖ͬͯαʔόϓϩηεΛҰൠϢʔβͰىಈͭͭ͠ɺΦʔφΛมߋ ͢ΔಛݖΛ༩͑ͯ΍Ε͹ɺDSO࣮ߦํࣜͰ͋ͬͯ΋ߴ଎ʹݖݶ෼཭Մೳʁ • ϦΫΤετ୯ҐͰΦʔφΛมߋͯ͠ϨεϙϯεΛฦͨ͠ΒΦʔφΛ໭͢ • αʔόϓϩηεʹ೚ҙͷίϚϯυΛ࣮ߦ͢Δ੬ऑੑ͕͋ͬͯ΋ಛݖ͸࠷খݶ ʹݶఆͰ͖Δ ҰൠϢʔβͷϓϩηεͰݖݶ෼཭͢Δख๏

Slide 54

Slide 54 text

1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ഁغ͕ෆཁʁʁʁ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE

Slide 55

Slide 55 text

1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ഁغ͕ෆཁʁʁʁ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE ίϯςϯπΛαʔϏεར༻ऀ͕࡞੒Ͱ͖Δ ৔߹͸੬ऑੑʹͳΔ

Slide 56

Slide 56 text

1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ࣮ߦϓϩηε͕ΦʔφมߋͷಛݖΛ࣋ͬ ͍ͯΔͨΊɺίϯςϯπܦ༝Ͱݖݶมߋ ͕Մೳʂʂ ˣ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE ίϯςϯπ࣮ߦલʹಛݖΛམͱ͞ͳ͍ͱ͍͚ ͳ͍ɻͭ·ΓɺϓϩηεͷΦʔφมߋޙ͸ݩ ͷΦʔφʹ໭Εͳ͍ͨΊϓϩηεഁغ͕ඞཁ VOTFUDBQT

Slide 57

Slide 57 text

57 • mod_suid2ͱಉ༷ɺ݁ہͷͱ͜ΖϗεςΟϯάαʔϏεʹ͓͍ͯɺDSO࣮ߦํ ࣜʹ͓͍ͯηΩϡϦςΟΛ୲อ͢ΔͨΊʹ͸ϦΫΤετ୯ҐͰαʔόϓϩηε ͷੜ੒ɾഁغ͕ඞཁ • ݁ՌతʹDSO࣮ߦํࣜΛ࢖͏ੑೳ্ͷϝϦοτ͕ڗडͰ͖ͳ͍ • ͜ͷΑ͏ͳΞΫηε੍ޚख๏Λ࠾༻͢Δ৔߹͸CGIͷํ͕ϝϦοτ͕ଟ͍ • ੑೳɾෳ਺ΠϯλϓϦλ͕ར༻ՄೳͳͲ ҰൠϢʔβͷϓϩηεͰݖݶ෼཭͢Δख๏

Slide 58

Slide 58 text

58 • Webαʔό͔ΒͷݖݶมߋΛՄٯతʹมߋՄೳʹͭͭ͠ɺ࣮ߦ͞ΕΔίϯςϯ πϓϩάϥϜ͔Β͸ݖݶΛมߋ͞Εͳ͍Α͏ʹ͢Δख๏ • ϓϩάϥϜ͔Β࣮ߦ͞ΕΔγεςϜίʔϧΛ͋Β͔͡Ίચ͍ग़͠ɺίϯςϯ π࣮ߦ࣌ʹ֘౰ͷγεςϜίʔϧΛϑοΫͯ͠ݖݶมߋͷॲཧΛແޮԽ͢Δ • Linuxʹ͓͍ͯγεςϜίʔϧΛద੾ʹϑοΫ͢Δʹ͸Χʔωϧʹ௚઀มߋΛՃ ͑Δඞཁ͕͋Δ • Χʔωϧ΍ϥΠϒϥϦΛܧଓతʹมߋ͢Δݱ৔Ͱ͸Մൖੑ͕௿͍ ݪΒͷγεςϜίʔϧΛϑοΫ͢Δख๏ [7] [7] ݪ େีɼதࢁହҰɼ“Hussa:εέʔϥϒϧ͔ͭηΩϡΞ ͳαʔόΞʔΩςΫνϟ௿ίετͳαʔόϓϩηε࣮ߦݖ ݶม ߋػߏɼ” ୈ 8 ճ৘ใՊֶٕज़ϑΥʔϥϜ (FIT 2009) ߨԋ࿦จूɼRB-002, 2009.

Slide 59

Slide 59 text

DSO࣮ߦํࣜͷηΩϡϦςΟ (ಛݖΛ׆༻ͨ͠εϨου୯ҐͷΞΫηε੍ޚ) 4-4.

Slide 60

Slide 60 text

60 • DSO൛ͷੑೳΛ׆͔͢ΞΫηε੍ޚख๏͕ແ͍ • ࣮ߦํࣜ΍ΠϯλϓϦλ͕ಠࣗʹΞΫηε੍ޚख๏Λ࣮૷͓ͯ͠Γ൥ࡶ • Χʔωϧʹ൥ࡶͳ؅ཧΛٻΊΔख๏͸࣮༻্ɺՄൖੑʹ͚ܽΔ ͜͜·Ͱͷ·ͱΊ

Slide 61

Slide 61 text

61 • ੑೳ໘ʹ͓͍ͯCGI͸ຊདྷద͍ͯ͠ͳ͍ • ऩ༰਺͕૿͑ΔͱϓϩηεͷϝϞϦ࢖༻ྔ͕૿͑fork()ͷޮ཰௿Լ • ͦ΋ͦ΋ϦΫΤετ୯ҐͰfork()͢ΔͷͰ஗͍ • DSO͸ຊདྷfork()Λ࣮ߦ͠ͳ͍ͨΊߴ଎ʹಈ࡞͢Δ͕ • ͜͜·ͰͷDSOͷΞΫηε੍ޚ͸ϦΫΤετຖʹfork()Λ࣮ߦ͢Δ ߴूੵϚϧνςφϯτͱCGIɾDSOͷੑೳ

Slide 62

Slide 62 text

62 • DSOํࣜͷੑೳΛ׆͔͢ΞΫηε੍ޚΞʔΩςΫνϟ • ಈతίϯςϯπ࣮ߦલʹΦʔφมߋͷಛݖͷΈΛ༩੍͑ͨޚ༻εϨουΛ࡞੒ • ΦʔφΛมߋͨ͠εϨου্ͰίϯςϯπΛॲཧ • ίϯςϯπ࣮ߦޙ͸εϨουͷΈΛ࡟আ • ݖݶ෼཭ͷΦʔόʔϔουΛεϨουͷੜ੒ɾഁغϨϕϧʹ௿ݮ দຊΒͷεϨου୯ҐͰΞΫηε੍ޚ [8] [8] দຊ྄հ, Ԭ෦णஉ,εϨου୯ҐͰݖݶ෼཭Λߦ͏WebαʔόͷΞΫηε੍ޚΞʔΩςΫνϟ,ిࢠ৘ใ௨৴ֶձ࿦จࢽ Vol.J96-B, No.10, pp.1122-1130, Oct 2013.

Slide 63

Slide 63 text

63 • ݖݶ෼཭༻ͷ੍ޚ༻εϨουΛੜ੒͢ΔͨΊɺCGI΋ಉҰͷ࿮૊ΈͷதͰݖݶ ෼཭͕ՄೳʹͳΔ • Ծ૝ϗετ୯ҐͷΦʔφ৘ใ΋ϦΫΤετͷ͋ͬͨίϯςϯπ͔ΒࣗಈͰऔಘ ͢ΔͨΊϗετ୯Ґͷݖݶ෼཭ઃఆΛඞཁͱ͠ͳ͍ • ߴूੵ࣌ʹϗετͷऩ༰ઃఆ਺ͷ໰୊͔Βαʔόϓϩηεͷىಈ࣌ͷϝϞϦ࢖ ༻ྔ͕૿େ͢Δ͜ͱ͔Βɺfork()࣌ͷੑೳྼԽͷ໰୊΋͕͋ͬͨɺ౷Ұతͳઃ ఆͷهड़͕ՄೳͱͳΓfork()ͷੑೳ΋վળՄೳ DSOɾCGI࣮ߦํࣜ྆ํʹରԠ

Slide 64

Slide 64 text

1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ

Slide 65

Slide 65 text

1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ DISPPU&OWJSPONFOU

Slide 66

Slide 66 text

1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞$(* দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ $(*QSPDFTT PXOFSVTFS QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS GPSL UFSNJOBUFQSPDFTT FYFDWF

Slide 67

Slide 67 text

67 • 1ϦΫΤετ1ϓϩηε઎༗͢ΔαʔόϞσϧલఏ • DSO͸εϨουͷ༗ແʹؔΘΒͣαʔόϓϩηεʹ૊Έࠐ·ΕͨΠϯλϓϦλ ͕௚઀ϓϩάϥϜΛ࣮ߦ • εϨουΛҰ࣌తʹ࡞Δ͜ͱʹΑΔηΩϡϦςΟϨϕϧͷ௿Լ͸ੜ͡ͳ͍ WebαʔόϞσϧͱ੍ޚ༻εϨουͷߟ࡯

Slide 68

Slide 68 text

68 • mod_process_securityϞδϡʔϧ • ઃఆ͸ҎԼͷΑ͏ʹγϯϓϧ LinuxͰApacheϞδϡʔϧͱ࣮ͯ͠૷

Slide 69

Slide 69 text

69 • Apache httpdʹରͯ͠ఏҊΞʔΩςΫνϟΛ࣮૷ • ඵؒͷϦΫΤετ਺ΛมԽͤ͞Ϩεϙϯε਺Λܭଌ • phpinfo()Λग़ྗ͢Δ͚ͩͷ؆୯ͳϓϩάϥϜΛ༻ҙ • ֤ख๏ͷੑೳΛධՁ ੑೳධՁ

Slide 70

Slide 70 text

70 ࣮ݧ؀ڥ

Slide 71

Slide 71 text

71 DSO࣮ߦํࣜͷΞΫηε੍ޚੑೳൺֱ w ඵؒϦΫΤετ਺Λ૿Ճͤ͞ͳ͕Βඵ ؒϨεϙϯε਺Λܭଌ w ྘ͷNPE@SVJEΛར༻ͨ͠ΞΫηε੍ ޚ͸΄ͱΜͲੑೳ͕Ͱ͍ͯͳ͍ w ੺ͷদຊΒͷΞΫηε੍ޚ͸ΞΫηε ੍ޚແ͠ͷ৔߹ͱൺ΂ͯ΋΄ͱΜͲΦʔ όʔϔου͸ແ͠ ੨ɿΞΫηε੍ޚແ͠ ੺ɿদຊΒͷΞΫηε੍ޚ ྘ɿNPE@SVJE౳ͷΞΫηε੍ޚ

Slide 72

Slide 72 text

72 CGI࣮ߦํࣜͷΞΫηε੍ޚੑೳൺֱ w ඵؒϦΫΤετ਺Λ૿Ճͤ͞ͳ͕ΒඵؒϨ εϙϯε਺Λܭଌ w $(*ͷΞΫηε੍ޚͷ༗ແʹؔΘΒͣ$(* ͷ࣮ߦํࣜͷΦʔόʔϔου͕େ͖͍ͨΊɺ ΞΫηε੍ޚʹΑΔΦʔόʔϔου͸ແ͍ ੨ɿΞΫηε੍ޚແ͠ ੺ɿদຊΒͷΞΫηε੍ޚ ྘ɿTV&9&$

Slide 73

Slide 73 text

73 ࣮ݧ݁Ռ·ͱΊ ࣮ߦํࣜ ΞΫηε੍ޚద༻ʹΑΔεϧʔϓοτ௿Լ཰ $(* TV&9&$  NPE@QSPDFTT@TFDVSJUZ  %40 NPE@SVJE౳  NPE@QSPDFTT@TFDVSJUZ 

Slide 74

Slide 74 text

74 • phpinfo()΁ͷΞΫηεΛstrace͔Βղੳ • CGI ʴ suEXEC: 3377ճ • mod_php + mod_process_security: 155ճ • ΦʔόʔϔουʹͳͬͯΔγεςϜίʔϧ • clone() open() close() execve() ͳͲsuEXECؔ࿈ ࢀߟɿγεςϜίʔϧͷ਺Λൺֱ ˞TUSBDFDGQ1*% ˞DBUDHJMPHcHSFQWFQPMM@XBJUcHSFQWGVUFYcQFSMBOF QSJOU@JG

Slide 75

Slide 75 text

75 ࢀߟɿಋೖલޙͷCPU࢖༻ྔൺֱ Ұ೔ͷΞΫηε਺͸ͲͪΒͷαʔό΋໿ສ $(*ʴTV&9&$ %40ʴNPE@QSPDFTT@TFDVSJUZ ˙TZTUFN ˙VTFS ˙JEMF ref: দຊ྄հ, ηΩϡϦςΟͱੑೳཁ݅Λಉ࣌ʹຬͨ͢WebαʔόϗεςΟϯάٕज़ͷ࠷৽ಈ޲, https://speakerdeck.com/matsumoto_r/virtualhosting-security-performance-operasion

Slide 76

Slide 76 text

76 • ߴूੵϚϧνςφϯτํࣜʹ͓͍ͯηΩϡϦςΟͱੑೳΛཱ྆ͨ͠ख๏ • αʔόϓϩηεͦͷ΋ͷʹ೚ҙͷίϚϯυΛ࣮ߦͰ͖Δ৔߹͸Ͳ͏ͳΔ͔ • ϓϩηεΛڞ༗͢ΔݶΓWebαʔόͷΞʔΩςΫνϟ্ϦεΫ͕͋Δ • ͦͷ৔߹͸ίετͷ؍఺͔ΒVM΍ίϯςφͷִ཭Λݕ౼͢Δ • ίϯςφϨϕϧͷ੬ऑੑͰίϯςφͷ֎ʹग़ΒΕΔϦεΫ͸ʁ • Ϧιʔείετ͸ߴ͘ͳΔ͕VMϨϕϧͰͷִ཭Λݕ౼͢Δ΂͖ ·ͱΊͱϦεΫ

Slide 77

Slide 77 text

5. ͦͷଞ࠷৽ͷݚڀಈ޲

Slide 78

Slide 78 text

78 • Time-of-check to time-of-Use Race Condition • ҎԼͷॲཧΛUNIX͸ΞτϛοΫʹͰ͖ͳ͍ • ϑΝΠϧ͕ϦϯΫ͔ɺϑΝΠϧ·ͰͷύεʹϦϯΫؚ͕·ΕΔ͔ɺͦͷݕࠪ ޙʹϑΝΠϧΛopen()͢ΔΑ͏ͳॲཧ • Webίϯςϯπ͕ࣗ༝ͳϗεςΟϯάʹ͓͍ͯ͸େ͖ͳ໰୊ͱͳΔ • Ϛϧνϓϩηεͷαʔόιϑτ΢ΣΞͰ͸λΠϛϯάʹΑͬͯ͸ϦϯΫͷνΣο ΫޙʹผϑΝΠϧʹ͢Γସ͑ΒΕΔՄೳੑ༗Γ ϦϯΫݕࠪͷTOCTOU໰୊

Slide 79

Slide 79 text

79 • ͱ͋ΔԾ૝ϗετA͕੬ऑੑΛಥ͔ΕΔ • ϨʔείϯσΟγϣϯΛར༻ͯ͠ଞϗετBͷ.cgiʹରͯ͠.txtͷϦϯΫΛషΔ • γϯϘϦοΫϦϯΫ͸ϑΝΠϧͷଘࡏ֬ೝແ͘࡞੒͕Մೳ • Ծ૝ϗετํࣜ͸੩తϑΝΠϧͷ৔߹αʔόϓϩηεͷΦʔφͰread • ඇϦϯΫ൑ఆޙͰ͋ΔͨΊϗετBͷ.cgiʹॻ͔Εͨid/pass͕ӾཡՄೳ ଞϗετͷid/passΛऔಘ͞ΕΔέʔε

Slide 80

Slide 80 text

ϑΝΠϧ͕ϦϯΫ͔ݕࠪ ϑΝΠϧͷύεʹϦϯΫ͕ ؚ·ΕΔ͔ݕࠪ ϑΝΠϧΛPQFO ͯ͠ Ϩεϙϯεੜ੒ॲཧ 8FCαʔόϓϩηεXPSLFS" ϑΝΠϧΛϦϯΫʹ ஔ͖׵͑ ϨʔείϯσΟγϣϯͷ Մೳੑ 0, 0, ϦϯΫͷνΣοΫޙʹ ผϗετͷϑΝΠϧ ʹஔ͖׵͑ΒΕͯ೷͖ݟ ͞ΕΔՄೳੑ͋Γ 8FCαʔόϓϩηεXPSLFS#

Slide 81

Slide 81 text

81 • ϗεςΟϯάཁ݅ʹ͓͍ͯ͸ղܾՄೳ • ಉҰॴ༗ऀͷϦϯΫ͸࠷ѱݕ஌Ͱ͖ͳͯ͘΋ྑ͍ • ݕ஌͢΂͖͸ଞϗετɺͭ·Γɺଞͷॴ༗ऀͷϑΝΠϧ΁ͷϦϯΫ͔Ͳ͏͔ • ϑΝΠϧopen()ޙʹfd͔ΒΦʔφνΣοΫ • ͦͷԾ૝ϗετͰઃఆ͍ͯ͠ΔΦʔφͱopen()ͨ͠ϑΝΠϧͷॴ༗ݖΛൺֱ mod_fileownercheck [9] [9] Ryosuke Matsumotoɼhttps://github.com/matsumotory/mod_fileownercheck.

Slide 82

Slide 82 text

ϑΝΠϧΛPQFO GEͷPXOFSͱԾ૝ϗετͷઃ ఆͰڐՄ͍ͯ͠ΔPXOFSݕࠪ Ϩεϙϯεੜ੒ॲཧ ϑΝΠϧΛϦϯΫʹ ஔ͖׵͑ ผϗετͷϦϯΫ ʹ͸ஔ͖׵͑ΒΕͳ͍ 8FCαʔόϓϩηεXPSLFS" 8FCαʔόϓϩηεXPSLFS#

Slide 83

Slide 83 text

83 • ϦϯΫ࡞੒ͷϨʔείϯσΟγϣϯࣗମ͸๷͛ͳ͍ • ϗεςΟϯάཁ݅ʹ͓͍ͯผͷॴ༗ऀϑΝΠϧ΁ͷϦϯΫ͸๷͛Δ • fdͷownerͱopen()ͨ͠ϑΝΠϧͷownerൺֱͰ͸μϝ • ύεʹϦϯΫؚ͕·ΕΔ৔߹Λݕ஌Ͱ͖ͳ͍ • Ծ૝ϗετͷownerΛ੩తʹอ͓࣋ͯ͘͠ • υΩϡϝϯτϧʔτͷΦʔφ΍suEXECͷઃఆ͔Βऔಘ͢ΔͳͲ޻෉͕ඞཁ ஫ҙ఺

Slide 84

Slide 84 text

6. ·ͱΊ

Slide 85

Slide 85 text

85 ɾΞϓϦέʔγϣϯΛαʔόʹऩ༰͢ΔࡍͷΞΫηε੍ޚʹ͍ͭͯ ɾϋʔυ΢ΣΞϦιʔεΛ׆༻͢ΔͨΊͷ༷ʑͳ޻෉ ɾOSͷػೳΛ࠷େݶ׆͔ͭͭ͠ੑೳΛ୲อ͢ΔͨΊͷ࢓૊Έ ɾΞϓϦέʔγϣϯͷ໨తʹ߹ΘͤͨηΩϡϦςΟϞσϧͷݕ౼ ɾOSSʹ੬ऑੑ͕͋ͬͨͱ͖ʹͲ͜·ͰӨڹΛ༩͑Δ͔Λݕ౼ ɾαʔϏεϨϕϧΛఆٛͯͦ͠Εʹִ͋ͬͨ཭ํ๏Λબఆ ·ͱΊ