httpd-dev mailing list archives

From "James H. Cloos Jr." <cl...@jhcloos.com>
Subject Re: easy solution: Re: userspace permissions
Date Tue, 19 Oct 1999 06:16:11 GMT

>>>>> "Greg" == Greg Stein <gstein@lyra.org> writes:

...
Greg> The first thing to do is create a group, call it "www". Set up
Greg> Apache to run as nobody:www.
...
Greg> Next, create your virtual directories using the user, this
Greg> group, and the group-sticky bit (more in a bit):
...
Greg> Given this setup, you'll see that john can read his directory,
Greg> and jane can read hers. They cannot read each other's -- do NOT
Greg> place john/jane into the "www" group! The web server should be
Greg> the only thing in the "www" group, and it can read/exec all the
Greg> data.
...

One attack on this setup is for user_i to use a CGI (or PHP, or SSI,
etc) to read the stuff under user_j's dir.  In short, unless
(essentially[1]) no dynamic stuff is allowed, it solves nothing.

W/o pools per VH, you are limited to these models (in order of
increasing revenue potential):

        each user gets a dir under the single hostname

        name-based virtual hosts

        ip-based VHs under a single daemon

        ip-based VHs, one daemon per user

        co-lo (ie, one box per user)

The optimal solution, of course, reminds that `everything old [can be]
new again'.  All we need are virtual PCs (ala vmware & freemware) in
hardware (ala IBM's VM).  (But w/o the EBCDIC, yes? :)

And one does have to wonder whether that isn't just what Transvirtual
is working on, even if no one (else) seems to be speculating in that
direction....

Until then, one can always just support all five options above and
charge appropriately for each.  Those who need actual security ought
to be willing to pay a bit more, eh?

[1]  I'm sure there are dynamic environments which do not allow
     arbitrary code to be run.  Most, however, don't seem to fall
     into that category.

-JimC
-- 
James H. Cloos, Jr.  <URL:http://jhcloos.com/public_key> 1024D/ED7DAEA6 
<cloos@jhcloos.com>  E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
        Save Trees:  Get E-Gold! <URL:http://jhcloos.com/go?e-gold>
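
Added example, not part of the original message or of Apache's code: a small model of the POSIX owner/group/other check applied to the layout Greg describes. It shows john and jane isolated from each other while any CGI/PHP/SSI handler started by the shared nobody:www server reads both directories. The uids, gids, paths and the 2750 mode are assumptions, since the quoted message elides the actual commands; root is not modelled.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Cred:
    name: str
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class Dir:
    path: str
    uid: int
    gid: int
    mode: int

def may_read(cred: Cred, d: Dir) -> bool:
    """POSIX class check: only the first matching class (owner, group, other) applies."""
    if cred.uid == d.uid:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif d.gid in cred.gids:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    return d.mode & need == need

def readable(cred: Cred, dirs) -> list:
    return [d.path for d in dirs if may_read(cred, d)]

# Constructed sample data: ids, paths and mode 2750 (setgid, rwxr-x---) are assumptions.
WWW, USERS = 200, 100
JOHN = Cred("john", 1001, frozenset({USERS}))      # deliberately NOT in "www"
JANE = Cred("jane", 1002, frozenset({USERS}))
HTTPD = Cred("nobody", 65534, frozenset({WWW}))    # the server, nobody:www
DIRS = [Dir("vhosts/john", 1001, WWW, 0o2750), Dir("vhosts/jane", 1002, WWW, 0o2750)]

def handler_cred(server: Cred, script_owner: Cred, per_user_daemon: bool) -> Cred:
    """A handler inherits the server's identity unless each user has their own daemon."""
    return script_owner if per_user_daemon else server

def report() -> dict:
    rows = {c.name: readable(c, DIRS) for c in (JOHN, JANE, HTTPD)}
    rows["john's CGI, shared daemon"] = readable(handler_cred(HTTPD, JOHN, False), DIRS)
    rows["john's CGI, own daemon"] = readable(handler_cred(HTTPD, JOHN, True), DIRS)
    return rows

if __name__ == "__main__":
    for who, paths in report().items():
        print(f"{who:28} -> {paths}")
```
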
