Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 6261 invoked by uid 6000); 26 May 1998 00:10:08 -0000
Received: (qmail 6250 invoked from network); 26 May 1998 00:10:06 -0000
Received: from twinlark.arctic.org (204.62.130.91)
  by taz.hyperreal.org with SMTP; 26 May 1998 00:10:06 -0000
Received: (qmail 10357 invoked by uid 500); 26 May 1998 00:52:35 -0000
Date: Mon, 25 May 1998 17:52:35 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: Re: general/2270: Required Patches to Apache sources for FrontPage
 Module (fwd)
In-Reply-To: <Pine.LNX.3.95.980525014748.12182A-100000@gaia.vr.net>
Message-ID: <Pine.LNX.3.96dg4.980525174417.2346E-100000@twinlark.arctic.org>
X-Comment: Visit http://www.arctic.org/~dgaudet/legal for information
 regarding copyright and disclaimer.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org



On Mon, 25 May 1998, Gregory A Lundberg wrote:

>       file for fpEXEC.  And, since we might get errors, like Frontpage's
>       version, we'd like to die off with an html document rather than
>       leaving the remote user hanging and logging 'premature end of script
>       headers'.  Since Frontpage expects these responses, and wants them
>       in a particular format, we'll need a configurable error-html script. 

This is only for the frontpage .exe files right?  i.e. the response is
expected to be text/html anyhow... I mean, suexec can be used for
arbitrary responses, so I really hope it doesn't send back text/html error
stuff... it should only send back "Status: 500" I'd say.

>    d) Oh, and make sure we were run by the anonymous web-user and nobody
>       else .. just like suEXEC.  BTW, here's a point where RtR went over-
>       board.  They have mod_frontpage openning a secured file containing
>       some random hashed values and piping it to their version of suEXEC.
>       The idea is to not even trust the web administrator to have secured
>       the machine properly: anyone can run the program so don't trust the
>       UID .. instead since we're SUID-root let's open that root-only file
>       and see if it matches what we're getting from the pipe.  Can anyone
>       say 'handle depletion'?  A good idea, just not needed if you take
>       the time to set up your server correctly.

I don't think the handle depletion bugs me too much... although it is
hard to set up the filedescriptor for it portably.

> Only one problem: this all depends upon having mod_auth, .htacess files,
> group and user (htpasswd) files.  What happens if one of these isn't
> there?  Why we let _anyone_ .. that's right .. anyone in the world .. have
> at our nice Frontpage (or whatever) CGIs.  That sucks raw eggs at MACH 9
> through a straw doesn't it?  All this work making things secure and some
> dumb user FTPs in and DELEtes his .htaccess file blowing it all away.  So
> we need one last change: we need to be ABSOLUTELY SURE _this_ URL was
> approved through mod_auth with a valid .htaccess and a valid password
> challenge and response. 

Oh wow.

It all sounds reasonable... although the suexec folks probably will
want to chime in.  OK, so I'm not a windows user, and I've never used
FrontPage.  I've always assumed it is just a glorified PUT mechanism
done microsoft's way.  How does it differ from PUT?

You see what I'd like to see is an add-on to apache which makes it
trivial for admins to set up sites so that IE or Netscape users can
easily create and edit documents/images/etc.  I'm not sure what are the
best tools to make this happen though... on my own site I just force
everyone to learn ftp, because I can't be bothered to learn all the rest
of the stuff required.

Dean