Ugh.
I'm driving myself crazy with this, as I do with everything.
suEXEC makes Apache run CGIs as the user who owns them. This makes standard CGIs more secure, because they now have their own user rights and don't have free access to everything that the user the web server runs as can access. However, if such a script creates a file that is later to be read by the web server, the file must still be world-readable. And if it is world-readable, a well-crafted Perl script can still access it. Therefore, any file that holds information that, say, should only be displayed to authenticated users is unprotected from other people on the same machine. How do you fix this? I don't know.
PHP as a module can use open_basedir, which restricts users from being able to open files outside of their own document root. safe_mode also enhances this by forcing the files a user opens to be owned by them and forbids the user from accessing commands like "ls" to get around the security provided by open_basedir. However, safe_mode is too restrictive in most cases, and causes a lot of trouble when it comes to doing things outside of the norm in PHP. Additionally, even if these issues weren't present, files that are to be read by the web server would still have to be world-readable, which means that they can be accessed by a well-crafted script. How do you fix this? I don't know.
I'm attempting to write control panel software for web hosting that needs to access various databases and configuration files. Unfortunately, the above listed security issues are making that impossible to do without running the risk of someone writing a script that would gather this information and use it to their advantage. How do I fix this? I don't know.
Apache sucks.
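An added example, not part of the original post: a Python audit that lists the files under one hosting account's tree that any other local user (and so any other user's CGI under suEXEC) could read, meaning files with the other-read bit set whose every parent directory inside the tree also has the other-execute bit. The directory layout and file names are constructed for illustration, and directories above the tree root are assumed to be traversable.

```python
import os
import stat
import tempfile


def world_reachable(root):
    """Return files under root (relative paths) that any local user can read:
    the file has o+r AND every directory from root down to it has o+x."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # others cannot traverse here: prune the subtree
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample_tree():
    """Constructed sample layout for one account (assumption, not from the post)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    dirs = {"public_html": 0o755, "public_html/data": 0o755, "private": 0o700}
    files = {
        "public_html/index.html": 0o644,
        "public_html/data/members.txt": 0o644,  # CGI output the server must read
        "public_html/secret.key": 0o600,        # owner-only: not exposed
        "private/db.conf": 0o644,               # o+r, but parent dir blocks others
    }
    for rel, mode in dirs.items():
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)  # explicit chmod ignores umask
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for rel in world_reachable(build_sample_tree()):
        print("readable by any local user:", rel)
```

The check reads permission bits only, so it gives the same result whichever account runs it, as long as that account can list the directories.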











