httpd-dev mailing list archives

From Nathan Ollerenshaw <>
Subject Re: Advanced Mass Hosting Module
Date Fri, 14 Mar 2003 17:58:41 GMT
On Saturday, March 15, 2003, at 01:13 AM, Thomas Eibner wrote:
> On Sat, Mar 15, 2003 at 01:00:18AM +0900, Nathan Ollerenshaw wrote:
>> I wasn't thinking of anything radical. Just have a hook to set the
>> handler for a particular document (if it matches .php or .php4) to the
>> PHP module if it's allowed to, and serve it as a normal document if
>> not. Etc.
>> I've not had a great delve in the hooks but nothing has suggested in
>> what I've looked at that it's not possible.
> I'm not sure if it's as simple as you describe. What is to stop a user
> from placing a .htaccess file in a directory giving himself ability to
> give the right content type to execute a php script for instance?
> If you want suexec to work too, there might be further complications.
> (Just thinking out loud here) :)

You bring up a valid point, but I was thinking more of sbox. That's what 
we use currently (because suexec didn't fit our model) and it works 
great. Though, there seems to be a bug where it's poisoning the 
environment ...

At any rate, if I'm interfering around the URI-to-filename translation 
phase first, I should be able to minimise any problems with .htaccess 
files. But, I don't know, I don't fully understand all the phases that 
I can interfere with just yet :)

There are other phases I've not really looked at as well which I could 
hook into to do extra sanity checks, I guess. But, I think, get the 
thing basically working, then narrow down all the annoying security 
holes it will make, eh?

>> I really need to get a proof-of-concept working; maybe this weekend if
>> my other half gives me an 'allowed to use computer' note for the teacher.
> What would you consider a proof-of-concept? I have my code lurking on
> some machine in cvs if you want to take a look at it.

If my feeble coding skills are up to it :) I've requested a new 
project, so in a couple of days I should be able to put up my hacky 
bits of code.

Really, I only started programming C with a vengeance about a week ago. 
I'm an old Perl hacker, and never felt a need to use C. So fear my 
code. Expect Apache to segfault. ;)


Nathan Ollerenshaw - Systems Engineer - Shared Hosting
ValueCommerce Japan -

I'm your blubber boy you should rub me
The sun beat me down too viciously
I fell into the ground to what I used to be
I've melted away I'm nothing again
