httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Dumpleton <graham.dumple...@gmail.com>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 06:52:16 GMT
2009/4/8 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> KaiGai Kohei wrote:
>> Graham Dumpleton wrote:
>>> 2009/4/8 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>>>> Graham Dumpleton wrote:
>>>>> Explain first why using FASTCGI and suexec wouldn't be a better option?
>>>> Thease are limited to cgi applications, so we cannot apply such kind
>>>> of restriction on the built-in script languages and references on
>>>> static documents (like *.html).
>>> FASTCGI is not restricted to CGI applications. At least in the sense
>>> that FASTCGI allows persistent processes rather than one off processes
>>> like CGI. FASTCGI bindings are available for many different languages,
>>> including scripting languages, so what 'built-in script languages' are
>>> you talking about? The suexec mechanism comes into play as it allows
>>> FASTCGI processes to run as a different user than Apache process.
>>
>> Hmm... I'll try to search for more details of features of FastCGI.
>>
>> If you have a hint, could you tell for the questions currently I have?
>> IIRC, the CGI version of PHP cannot handle applications which write
>> out special HTTP headers, such as WWW-Authenticate: or Location:.
>> Is it possible to handle correctly in FastCGI?
>> I could not find FastCGI support for WebDav. Is it possible to control
>> accesses on files using SELinux?
>
> Hmm... It seems to me FastCGI has same limitation.
> The online document introduces that an authenticator program can
> be performed to handle authentication phase, but it may require
> web applications to be modified.
>  http://fastcgi.coremail.cn/configuration.htm#Authenticator
>
> If we don't hesitate to create a new process for each requests,
> I have one another idea which does not require new hooks.
> In the traditional client-server model, the server process forks
> a child process to handle a request come from clients.
> If we have such kind of MPM module, a security module can set
> an individual privilege at the head of ap_run_handler hook.
>
> Needless to say, it has performance tradeoff, but we assume users
> don't give the highest priority on the performance.

See experimental MPM from Apache 2.0.

  http://httpd.apache.org/docs/2.0/mod/perchild.html

Didn't get carried through to later Apache versions.

Graham

Mime
View raw message