httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KaiGai Kohei <kai...@ak.jp.nec.com>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 07:12:36 GMT
Graham Dumpleton wrote:
> 2009/4/8 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>> KaiGai Kohei wrote:
>>> Graham Dumpleton wrote:
>>>> 2009/4/8 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>>>>> Graham Dumpleton wrote:
>>>>>> Explain first why using FASTCGI and suexec wouldn't be a better option?
>>>>> Thease are limited to cgi applications, so we cannot apply such kind
>>>>> of restriction on the built-in script languages and references on
>>>>> static documents (like *.html).
>>>> FASTCGI is not restricted to CGI applications. At least in the sense
>>>> that FASTCGI allows persistent processes rather than one off processes
>>>> like CGI. FASTCGI bindings are available for many different languages,
>>>> including scripting languages, so what 'built-in script languages' are
>>>> you talking about? The suexec mechanism comes into play as it allows
>>>> FASTCGI processes to run as a different user than Apache process.
>>> Hmm... I'll try to search for more details of features of FastCGI.
>>>
>>> If you have a hint, could you tell for the questions currently I have?
>>> IIRC, the CGI version of PHP cannot handle applications which write
>>> out special HTTP headers, such as WWW-Authenticate: or Location:.
>>> Is it possible to handle correctly in FastCGI?
>>> I could not find FastCGI support for WebDav. Is it possible to control
>>> accesses on files using SELinux?
>> Hmm... It seems to me FastCGI has same limitation.
>> The online document introduces that an authenticator program can
>> be performed to handle authentication phase, but it may require
>> web applications to be modified.
>>  http://fastcgi.coremail.cn/configuration.htm#Authenticator
>>
>> If we don't hesitate to create a new process for each requests,
>> I have one another idea which does not require new hooks.
>> In the traditional client-server model, the server process forks
>> a child process to handle a request come from clients.
>> If we have such kind of MPM module, a security module can set
>> an individual privilege at the head of ap_run_handler hook.
>>
>> Needless to say, it has performance tradeoff, but we assume users
>> don't give the highest priority on the performance.
> 
> See experimental MPM from Apache 2.0.
> 
>   http://httpd.apache.org/docs/2.0/mod/perchild.html
> 
> Didn't get carried through to later Apache versions.

If I can understand correctly, the perchild mpm assigns individual
userid per virtual host, so it means all the requests handled by
a certain virtual host shares same privilege set.
The purpose of my efforts is to set individual privileges for each
web users of the given request.

Thanks for your information, but it is not suitable for us...
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

Mime
View raw message