perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: security (fwd)
Date Thu, 01 Mar 2001 02:38:27 GMT
On Thu, 1 Mar 2001, Robin Berjon wrote:

> At 09:48 01/03/2001 +0800, Stas Bekman wrote:
> >Doug, do you plan to answer these concerns (see below) in 2.0? This kind
> >of question pops up quite often and it's a legitimate one, to allow ISPs
> >using mod_perl mainstream.
> >
> >So will it be possible to make pools of interpreters with different
> >owners, running under different UID/GID? I can think of MPM model where
> >there are different processes, each potentially owned by a different owner
> >and having a pool of threads inside of each.
>
> I think that's what the following two points address:
>
> http://perl.apache.org/~dougm/modperl_2.0.html#mpms  multiprocessing model
> modules
> http://perl.apache.org/~dougm/modperl_2.0.html#perloptions directive
>
> (the urls' targets seem to contain whitespace, be sure to include those to
> get there directly).
>
> I'm not sure this addresses all such security concerns, but the following
> extract seems to imply that at least it can go a long way:
>
> "A common problem with mod_perl-1.xx was the shared namespace between all
> code within the process.  Consider two developers using the same server and
> each which to run a different version of a module with the same name.  This
> example will create two parent Perls, one for each VirtualHost, each with
> its own namespace and pointing to a different paths in @INC"

Oops, I have to reread the doc. It's been a long time...

Thanks for the head ups, Robin!

_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:stas@stason.org   http://apachetoday.com http://logilune.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/



Mime
View raw message