Posted to dev@perl.apache.org by Stas Bekman <st...@stason.org> on 2001/03/01 02:48:34 UTC

security (fwd)

Doug, do you plan to answer these concerns (see below) in 2.0? This kind
of question pops up quite often and it's a legitimate one, to allow ISPs
using mod_perl mainstream.

So will it be possible to make pools of interpreters with different
owners, running under different UID/GID? I can think of MPM model where
there are different processes, each potentially owned by a different owner
and having a pool of threads inside of each.

---------- Forwarded message ----------
Date: Wed, 28 Feb 2001 21:48:00 +0000
From: Gustavo Vieira Goncalves Coelho Rios <gu...@ifour.com.br>
To: modperl@apache.org
Subject: security

Hi folks!

I have a FreeBSD server configured as a http server, running apache.
This installation includes mod_perl+EmbPerl, mod_php4 mod_cgi and
mod_fastcgi. Some of my users will be using mysql for database. The
problem is that this scenario requires sensitive information inside
file. This means no problem when these users write their dynamic pages
inside a compiled program. I can chmod a-rw and nobody will be able to
take away user/password from a compiled program. The problem happens
when they write their php or embperl pages!

The key user\password are kept inside this file, so anyone can use an
editor to retrieve the user mysql account. I resolve this problem
running php on secure mode and chgrping the php file the same user as
the http process and removing other flags file access (g-rwx). So nobody
besides the owner of the file (or the http process) will be able to read
it.

Since php has some security facilities, like: if the file owner id !=
the file the script is trying to open => fails.
My problem is with perl: how to solve such a problem in a perl
environment?
Does mod_perl allow any kind of security, to prevent someone writing a
script to read others' files?


PS: All cgi runs through suexec, so even cgi are not able to run the
script, ok?
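
The permission scheme the forwarded message describes (file group set to the http process's group, no access for other users) can be checked with a small audit, shown here as an added example that is not part of the original message. The function names are hypothetical, mode 0640 is an assumed reading of the scheme, and the demo uses the current user's own group as a stand-in for the web server group.

```shell
#!/bin/sh
# Added example: audit credential-bearing scripts under a docroot.
# WEBGROUP is an assumption: the group the http process runs as.

# classify FILE WEBGROUP -> prints one of:
#   world-readable    any local account can read the credentials
#   web-group-only    the state the message describes (group r, others none)
#   not-web-readable  server cannot read it via group or other bits
classify() {
    f=$1 webgroup=$2
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo world-readable
    elif [ -n "$(find "$f" -prune -group "$webgroup" -perm -040)" ]; then
        echo web-group-only
    else
        echo not-web-readable
    fi
}

# lock_down FILE WEBGROUP: owner rw, web group r, others nothing (0640).
lock_down() {
    chgrp "$2" "$1" && chmod u=rw,g=r,o= "$1"
}

# audit DIR WEBGROUP: one "state<TAB>path" line per regular file.
audit() {
    find "$1" -type f | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify "$f" "$2")" "$f"
    done
}

# Constructed demo: a throwaway file holding a fake password.
demo() {
    d=$(mktemp -d) || return 1
    g=$(id -g)
    printf '<?php $pw = "constructed-not-real"; ?>\n' > "$d/db.php"
    chmod 644 "$d/db.php"
    before=$(classify "$d/db.php" "$g")
    lock_down "$d/db.php" "$g"
    after=$(classify "$d/db.php" "$g")
    rm -rf "$d"
    echo "$before -> $after"
}
demo
```

A file reported as `web-group-only` is still readable by any code that executes as the http process, which is the gap the message asks about for mod_perl.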


Re: security (fwd)

Posted by Stas Bekman <st...@stason.org>.
On Wed, 28 Feb 2001, Jim Winstead wrote:

> On Thu, Mar 01, 2001 at 09:48:34AM +0800, Stas Bekman wrote:
> > Doug, do you plan to answer these concerns (see below) in 2.0? This kind
> > of question pops up quite often and it's a legitimate one, to allow ISPs
> > using mod_perl mainstream.
> >
> > So will it be possible to make pools of interpreters with different
> > owners, running under different UID/GID? I can think of MPM model where
> > there are different processes, each potentially owned by a different owner
> > and having a pool of threads inside of each.
>
> there is a perchild mpm in apache 2.0 that does this.
>
> http://httpd.apache.org/docs-2.0/mod/perchild.html
>
> (don't know how this works with mod_perl 2.0.)


Thanks, Jim

It seems that Apache 2.0 requires suExec to make this work. But as Robin
has pointed out in his reply, it's being taken care of natively by mod_perl.

_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:stas@stason.org   http://apachetoday.com http://logilune.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/



Re: security (fwd)

Posted by Jim Winstead <ji...@apache.org>.
On Thu, Mar 01, 2001 at 09:48:34AM +0800, Stas Bekman wrote:
> Doug, do you plan to answer these concerns (see below) in 2.0? This kind
> of question pops up quite often and it's a legitimate one, to allow ISPs
> using mod_perl mainstream.
> 
> So will it be possible to make pools of interpreters with different
> owners, running under different UID/GID? I can think of MPM model where
> there are different processes, each potentially owned by a different owner
> and having a pool of threads inside of each.

there is a perchild mpm in apache 2.0 that does this.

http://httpd.apache.org/docs-2.0/mod/perchild.html

(don't know how this works with mod_perl 2.0.)

jim

Re: security (fwd)

Posted by Stas Bekman <st...@stason.org>.
On Thu, 1 Mar 2001, Robin Berjon wrote:

> At 09:48 01/03/2001 +0800, Stas Bekman wrote:
> >Doug, do you plan to answer these concerns (see below) in 2.0? This kind
> >of question pops up quite often and it's a legitimate one, to allow ISPs
> >using mod_perl mainstream.
> >
> >So will it be possible to make pools of interpreters with different
> >owners, running under different UID/GID? I can think of MPM model where
> >there are different processes, each potentially owned by a different owner
> >and having a pool of threads inside of each.
>
> I think that's what the following two points address:
>
> http://perl.apache.org/~dougm/modperl_2.0.html#mpms  multiprocessing model
> modules
> http://perl.apache.org/~dougm/modperl_2.0.html#perloptions directive
>
> (the urls' targets seem to contain whitespace, be sure to include those to
> get there directly).
>
> I'm not sure this addresses all such security concerns, but the following
> extract seems to imply that at least it can go a long way:
>
> "A common problem with mod_perl-1.xx was the shared namespace between all
> code within the process.  Consider two developers using the same server and
> each wish to run a different version of a module with the same name.  This
> example will create two parent Perls, one for each VirtualHost, each with
> its own namespace and pointing to different paths in @INC"

Oops, I have to reread the doc. It's been a long time...

Thanks for the heads up, Robin!

_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:stas@stason.org   http://apachetoday.com http://logilune.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/



Re: security (fwd)

Posted by Robin Berjon <ro...@knowscape.com>.
At 09:48 01/03/2001 +0800, Stas Bekman wrote:
>Doug, do you plan to answer these concerns (see below) in 2.0? This kind
>of question pops up quite often and it's a legitimate one, to allow ISPs
>using mod_perl mainstream.
>
>So will it be possible to make pools of interpreters with different
>owners, running under different UID/GID? I can think of MPM model where
>there are different processes, each potentially owned by a different owner
>and having a pool of threads inside of each.

I think that's what the following two points address:

http://perl.apache.org/~dougm/modperl_2.0.html#mpms  multiprocessing model
modules
http://perl.apache.org/~dougm/modperl_2.0.html#perloptions directive

(the urls' targets seem to contain whitespace, be sure to include those to
get there directly).

I'm not sure this addresses all such security concerns, but the following
extract seems to imply that at least it can go a long way:

"A common problem with mod_perl-1.xx was the shared namespace between all
code within the process.  Consider two developers using the same server and
each wish to run a different version of a module with the same name.  This
example will create two parent Perls, one for each VirtualHost, each with
its own namespace and pointing to different paths in @INC"


-- robin b.
Radioactive cats have 18 half-lives.