perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "JupiterHost.Net" <>
Subject Re: mod_perl File Extension Configuration instead of a Path Configuration
Date Mon, 03 May 2004 21:24:52 GMT

Thanks for your input! I really appreciate it!

Perrin Harkins wrote:
> On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote:
>>IE: it would be just as dangerouse as running a regular perl or shell or 
>>OTHER_LANGUAGE_HERE script in their home dir, correct?
> [...]
>>mod_perl scripts are run with the permissions of the user correct?
>>IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]
> No, when you run things with mod_perl, they run in the apache server
> process.  They will always have the same permissions as the apache

So if I did it the .mpl way then /usr/foo/bar.mpl and /usr/foo/baz.mpl 
will run as nobody (IE untrusted user with less privileges)

(Regular .pl scripts currently run under suexec which I know mod_perl 
can't do since you can't split up a single process like that, will that 
hiinder mod_perl from running?)

Which is just as [in]secure as /home/foo/ , 
/home/foo/stuff/, /home/foo/public_html/, correct?

(Maybe more secure since 'nobody' has less privs than 'foo', correct?)

> server.  It is not safe to run untrusted scripts under mod_perl.  (There
> is all kinds of hand-waving about using Safe or something, but the only
> thing I would trust is an entirely separate server running as an
> unprivileged user.)
> More info on configuration options is available here:

I'll definately take a look thanks!

> If you want to just run .pl scripts under specific directories through
> mod_perl, the docs there will tell you how (using a <FilesMatch>
> directive).

Oh, good idea! then I can limit it to cgi-bin and .mpl... hmmmm excellent :)

> - Perrin 

Report problems:
Mail list info:
List etiquette:

View raw message