Posted to modperl@perl.apache.org by Joel Palmius <jo...@mh.se> on 2002/08/01 09:32:32 UTC
Local file security (in 1.27)
I'm developing an online survey system under mod_perl (with a homemade
perlhandler, not under Apache::Registry). Since I've had as a goal to
avoid as many dependencies as possible, I store results in local plaintext
files. By nature, these files have (?) to be writable by the uid apache
runs as.
In the mod_perl documentation it is written:
> When a handler needs write permissions, make sure that only the user,
> the server is running under, has write permissions to the files.
> Sometimes you need group write permissions, but be very careful, because
> a buggy or malicious code run in the server may destroy files writable
> by the server
My files fit this description (the files are chmodded 600). However, as
the system is intended for academic use, and it is not entirely uncommon
to have one student web server for everything, I cannot force admins not
to install (as an example) PHP with default options and allowing the
students to write PHP scripts.
In PHP, to completely remove all my stored data with one line of code:
<? passthru("rm -rf /usr/local/mod_survey/data/*") ?>
Now, this is obviously a flaw with (in descending order) PHP for not
having an installation with a secure default configuration, and with the
admins for giving untrusted users access to an inherently insecure
scripting language. However, the problem ends up being mine as I have to
handle it somehow.
So, question is: How do I protect my data files from being accessed by
anything else than my own perlhandler? Can I set another uid for all that
has to do with my specific perlhandler? Hints are most welcome.
// Joel
Re: Local file security (in 1.27)
Posted by Stas Bekman <st...@stason.org>.
[...]
> So, question is: How do I protect my data files from being accessed by
> anything else than my own perlhandler? Can I set another uid for all that
> has to do with my specific perlhandler? Hints are most welcome.
You can't. The only solution is to run a dedicated server for each user.
Currently the pure Apache solution is to use suexec, which you cannot
run under mod_perl. This is all covered at:
http://perl.apache.org/docs/general/multiuser/multiuser.html
This issue will be addressed in 2.0 with the perchild Apache MPM, which
allows you to run different groups of servers/threads under different
uids/gids. If I remember correctly this mpm is highly experimental at
this point.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
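The dedicated-server approach from the reply above, sketched as an Apache 1.3 / mod_perl 1.x configuration. This is an added example, not part of the original thread: the `survey` account, port 8042, the conf/ and logs/ locations, the handler name `Survey::Handler` and the use of mod_proxy on the shared server are all assumptions; only the data path comes from the question.

```apache
# ---- httpd-survey.conf: second httpd instance for the survey handler ----
# Start it separately, as root so that User/Group can take effect:
#   httpd -f /usr/local/mod_survey/conf/httpd-survey.conf
# Account, port, file locations and handler name are assumed for illustration.

# Run under an account that no other service or user content runs as.
# Data files are then owned by this account and kept at mode 600:
#   chown -R survey:survey /usr/local/mod_survey/data
#   chmod 700 /usr/local/mod_survey/data
User  survey
Group survey

# Bind to loopback only; clients reach it through the shared server's proxy.
# Local users can still connect to this port, but they get the handler's
# HTTP interface, not the files.
Listen 127.0.0.1:8042
ServerName localhost
PidFile  /usr/local/mod_survey/logs/httpd.pid
ErrorLog /usr/local/mod_survey/logs/error_log

# Load nothing here that executes user-supplied scripts (no PHP, no CGI,
# no UserDir). The only code running as "survey" is the handler itself.
PerlModule Survey::Handler
<Location /survey>
    SetHandler  perl-script
    PerlHandler Survey::Handler
</Location>

# ---- httpd.conf of the existing shared server (requires mod_proxy) ----
# This server keeps its usual uid and may run student PHP. Scripts in it
# run as that uid, which no longer owns or can write the survey data.
ProxyPass        /survey http://127.0.0.1:8042/survey
ProxyPassReverse /survey http://127.0.0.1:8042/survey
```

The separation holds only while nothing else on the machine runs as the `survey` account and the shared server's uid is not in the `survey` group.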
Re: Local file security (in 1.27)
Posted by Kari Nurmela <ka...@utu.fi>.
> So, question is: How do I protect my data files from being accessed by
> anything else than my own perlhandler? Can I set another uid for all that
> has to do with my specific perlhandler? Hints are most welcome.
>
> // Joel
Maybe you are facing the same problem that I asked about earlier on this
list? Question: http://groups.yahoo.com/group/modperl/message/43025
The only solution I came up with was to patch mod_perl.c and mod_perl.h
with settings that disable handlers except from httpd.conf. At least I
think these attached patches should do the trick... ;-)
Best wishes, Kari