You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by ch...@lists.muthpartners.de on 2009/11/23 10:40:06 UTC
MPM-Module perchild
Hello,
We have an internal project where we need the MPM module perchild. The
Apache 2.0 documentation says that the development is not completed. I
talked to my boss and he says I could take maybe any necessary residual
activities, (depending on the size). Therefore, the following questions:
* What is currently state of this module?
* What would a collaboration?
* How is the planning of this module in Apache 2.2. The link of 'user'
(http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user) and 'group'
(http://httpd.apache.org/docs/2.2/mod/mpm_common.html#group) only brings
a 404 (http://httpd.apache.org/docs/2.2/mod/perchild.html).
Thank you for your info.
Christian
Re: MPM-Module perchild
Posted by Graham Dumpleton <gr...@gmail.com>.
2009/11/23 <ch...@lists.muthpartners.de>:
> Hello,
>
> We have an internal project where we need the MPM module perchild. The
> Apache 2.0 documentation says that the development is not completed. I
> talked to my boss and he says I could take maybe any necessary residual
> activities, (depending on the size). Therefore, the following questions:
>
> * What is currently state of this module?
> * What would a collaboration?
> * How is the planning of this module in Apache 2.2. The link of 'user'
> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user) and 'group'
> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#group) only brings
> a 404 (http://httpd.apache.org/docs/2.2/mod/perchild.html).
First off I would be asking what specific code are you wanting to run
which requires this MPM. There are other means of achieving process
separation and dropping of privileges to different users than this
MPM. Whether other solutions are suitable really depends on what you
are wanting to do though.
So, explain what the actual requirement is rather than than your
suspected solution and may be can save you some time by suggesting
other ways you can achieve the same which doesn't require as much
work.
Graham
Graham
RE: MPM-Module perchild
Posted by "Herring, Ed" <ed...@intel.com>.
I would like to discuss a collaborative effort to get this module working.
-----Original Message-----
From: christian4apache@lists.muthpartners.de [mailto:christian4apache@lists.muthpartners.de]
Sent: Monday, November 23, 2009 3:40 AM
To: dev@httpd.apache.org
Subject: MPM-Module perchild
Hello,
We have an internal project where we need the MPM module perchild. The
Apache 2.0 documentation says that the development is not completed. I
talked to my boss and he says I could take maybe any necessary residual
activities, (depending on the size). Therefore, the following questions:
* What is currently state of this module?
* What would a collaboration?
* How is the planning of this module in Apache 2.2. The link of 'user'
(http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user) and 'group'
(http://httpd.apache.org/docs/2.2/mod/mpm_common.html#group) only brings
a 404 (http://httpd.apache.org/docs/2.2/mod/perchild.html).
Thank you for your info.
Christian
Re[2]: MPM-Module perchild
Posted by ch...@lists.muthpartners.de.
>> ... we need the MPM module perchild ...
> ... http://mpm-itk.sesse.net/ ...
The mpm-itk is what we search,
Thanks
Re: MPM-Module perchild
Posted by Nick Kew <ni...@webthing.com>.
Graham Dumpleton wrote:
>> http://httpd.apache.org/docs/2.3/mod/mod_privileges.html (in future httpd 2.4)
>
> FWIW, contrary to what is suggested by documentation for
> mod_privileges, I would anticipate that modules which embed a Python
> interpreter such as mod_python and mod_wsgi are not going to be
> compatible with at least SECURE mode of mod_privileges. This is
> because after a fork of a Python process special Python interpreter
> core function has to be called to do some fixups. This is fine if fork
> done from Python code as it will be done automatically, but not if
> done from external C code in same process. Not sure how well things
> will work if that fixup function isn't called.
That's entirely likely. Fast mode is straightforward, but secure
mode is only sparsely tested, and could easily fall down when presented
with complex problems as you suggest. In such a scenario we could
either fix it as you suggest (how does ITK deal with this?), or
bow out and recommend alternatives.
> BTW, what operating system feature does this use that means it is only
> usable on Solaris?
Is there another OS that supports solaris-style privileges?
One could envisage other modules to harness operating system
security - such as SElinux - but I don't think it would look
similar enough to abstract out a common API.
--
Nick Kew
Re: MPM-Module perchild
Posted by Graham Dumpleton <gr...@gmail.com>.
2009/11/23 Jeff Trawick <tr...@gmail.com>:
> On Mon, Nov 23, 2009 at 4:40 AM,
> <ch...@lists.muthpartners.de> wrote:
>> Hello,
>>
>> We have an internal project where we need the MPM module perchild. The
>> Apache 2.0 documentation says that the development is not completed. I
>> talked to my boss and he says I could take maybe any necessary residual
>> activities, (depending on the size). Therefore, the following questions:
>>
>> * What is currently state of this module?
>> * What would a collaboration?
>> * How is the planning of this module in Apache 2.2. The link of 'user'
>> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user) and 'group'
>> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#group) only brings
>> a 404 (http://httpd.apache.org/docs/2.2/mod/perchild.html).
>
> perchild is no longer maintained here.
>
> See
>
> http://httpd.apache.org/docs/2.3/mod/mod_privileges.html (in future httpd 2.4)
FWIW, contrary to what is suggested by documentation for
mod_privileges, I would anticipate that modules which embed a Python
interpreter such as mod_python and mod_wsgi are not going to be
compatible with at least SECURE mode of mod_privileges. This is
because after a fork of a Python process special Python interpreter
core function has to be called to do some fixups. This is fine if fork
done from Python code as it will be done automatically, but not if
done from external C code in same process. Not sure how well things
will work if that fixup function isn't called.
So, in order for it to work, there would need to be optional hook
functions exposed by mod_privileges which would allow other modules to
run special actions after the fork. This though means that the
distinct modules would need to be customised to know about
mod_privileges.
BTW, what operating system feature does this use that means it is only
usable on Solaris?
Graham
Re: MPM-Module perchild
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Nov 23, 2009 at 4:40 AM,
<ch...@lists.muthpartners.de> wrote:
> Hello,
>
> We have an internal project where we need the MPM module perchild. The
> Apache 2.0 documentation says that the development is not completed. I
> talked to my boss and he says I could take maybe any necessary residual
> activities, (depending on the size). Therefore, the following questions:
>
> * What is currently state of this module?
> * What would a collaboration?
> * How is the planning of this module in Apache 2.2. The link of 'user'
> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user) and 'group'
> (http://httpd.apache.org/docs/2.2/mod/mpm_common.html#group) only brings
> a 404 (http://httpd.apache.org/docs/2.2/mod/perchild.html).
perchild is no longer maintained here.
See
http://httpd.apache.org/docs/2.3/mod/mod_privileges.html (in future httpd 2.4)
http://mpm-itk.sesse.net/
(perhaps there are other projects out there which are still active?
Metux was active at some point.)