perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel Palmius <joel.palm...@mh.se>
Subject Local file security (in 1.27)
Date Thu, 01 Aug 2002 07:32:32 GMT
I'm developing an online survey system under mod_perl (with a homemade
perlhandler, not under Apache::Registry). Since I've had as a goal to 
avoid as many dependencies as possible, I store results in local plaintext
files. By nature, these files has (?) to be writable by the uid apache
runs as.

In the mod_perl documentation it is written: 

> When a handler needs write permissions, make sure that only the user, 
> the server is running under, has write permissions to the files. 
> Sometimes you need group write permissions, but be very careful, because 
> a buggy or malicious code run in the server may destroy files writable 
> by the server

My files fit this description (the files are chmodded 600). However, as 
the system is intended for academic use, and it is not entirely uncommon 
to have one student web server for everything, I cannot force admins not 
to install (as an example) PHP with default options and allowing the 
students to write PHP scripts.  

In PHP, to completely remove all my stored data with one line of code:

  <? passthru("rm -rf /usr/local/mod_survey/data/*") ?>

Now, this is obviously a flaw with (in descending order) PHP for not 
having an installation with a secure default configuration, and with the 
admins for giving untrusted users access to an inherently insecure 
scripting language. However, the problem ends up being mine as I have to 
handle it somehow. 

So, question is: How do I protect my data files from being accessed by 
anything else than my own perlhandler? Can I set another uid for all that 
has to do with my specific perlhandler? Hints are most welcome. 

  // Joel


Mime
View raw message