httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Hudson <ghud...@MIT.EDU>
Subject mod_userdir type dispatching for subdomains
Date Tue, 01 May 2007 19:11:00 GMT
I'm setting up a shared web hosting service running on Linux for
untrusted user content.  The standard and supported way of doing this
in Apache is to use mod_userdir and suexec, which causes dynamic
content to be executed using the uid of the mapped user.

However, I don't want to use mod_userdir; I want to use per-user
subdomains.  All http://serverdomain/~username URLs live in the same
browser security context, leading to all sorts of browser-based
attacks from one user's content onto another's.  By confining user
content to http://username.serverdomain/ URLs, these attacks mostly
disappear.

mod_vhost_alias lets me map per-user subdomains onto the correct
directories (as long as the user homedirs are all in the same place,
at least) but does not let me assign execution uids based on the
username.

I believe the immediate path of least resistance for me is to make a
copy of the mod_userdir code and adapt it to do translation by
subdomain instead of path prefix.  But I'm also interested in doing
something which can be adopted upstream, so that I can eventually get
out of the business of maintaining a module.

Has there been any previous design in this direction, or do people
have thoughts about how it should work?  (I browsed back a year or so
in the mailing list archives and didn't find any.)  Perhaps
mod_userdir could be extended with directives to do subdomain
translation instead of or in addition to path prefix translation; that
way the enable/disable configuration logic wouldn't need to be
duplicated.

Thanks.

Mime
View raw message