Return-Path: 
 <modperl-return-40032-apmail-perl-modperl-archive=perl.apache.org@perl.apache.org>
Delivered-To: apmail-perl-modperl-archive@www.apache.org
Received: (qmail 80204 invoked from network); 3 May 2004 21:25:41 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 3 May 2004 21:25:41 -0000
Received: (qmail 36808 invoked by uid 500); 3 May 2004 21:24:55 -0000
Delivered-To: apmail-perl-modperl-archive@perl.apache.org
Received: (qmail 36780 invoked by uid 500); 3 May 2004 21:24:55 -0000
Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:modperl-help@perl.apache.org>
list-unsubscribe: <mailto:modperl-unsubscribe@perl.apache.org>
list-post: <mailto:modperl@perl.apache.org>
Delivered-To: mailing list modperl@perl.apache.org
Received: (qmail 36717 invoked from network); 3 May 2004 21:24:55 -0000
Message-ID: <4096B8A4.10000@jupiterhost.net>
Date: Mon, 03 May 2004 16:24:52 -0500
From: "JupiterHost.Net" <mlists@jupiterhost.net>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
 rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Modperl List <modperl@perl.apache.org>
Subject: Re: mod_perl File Extension Configuration instead of a
 Path	Configuration
References: <409172E8.9050507@jupiterhost.net>
	 <409665EC.4010901@jupiterhost.net>
 <20040503154000.M24813@venzia.com>	 <409675CC.9010401@jupiterhost.net>
 <1083602897.24366.48.camel@localhost.localdomain>
In-Reply-To: <1083602897.24366.48.camel@localhost.localdomain>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - redspot.jupiterhost.net
X-AntiAbuse: Original Domain - perl.apache.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jupiterhost.net
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N


Thanks for your input! I really appreciate it!

Perrin Harkins wrote:
> On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote:
> 
>>IE: it would be just as dangerouse as running a regular perl or shell or 
>>OTHER_LANGUAGE_HERE script in their home dir, correct?
> 
> [...]
> 
>>mod_perl scripts are run with the permissions of the user correct?
>>IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]
> 
> 
> No, when you run things with mod_perl, they run in the apache server
> process.  They will always have the same permissions as the apache

So if I did it the .mpl way then /usr/foo/bar.mpl and /usr/foo/baz.mpl 
will run as nobody (IE untrusted user with less privileges)

(Regular .pl scripts currently run under suexec which I know mod_perl 
can't do since you can't split up a single process like that, will that 
hiinder mod_perl from running?)

Which is just as [in]secure as /home/foo/bar.pl , 
/home/foo/stuff/baz.sh, /home/foo/public_html/luz.py, correct?

(Maybe more secure since 'nobody' has less privs than 'foo', correct?)

> server.  It is not safe to run untrusted scripts under mod_perl.  (There
> is all kinds of hand-waving about using Safe or something, but the only
> thing I would trust is an entirely separate server running as an
> unprivileged user.)
> 
> More info on configuration options is available here:
> http://perl.apache.org/docs/1.0/guide/config.html

I'll definately take a look thanks!

> If you want to just run .pl scripts under specific directories through
> mod_perl, the docs there will tell you how (using a <FilesMatch>
> directive).

Oh, good idea! then I can limit it to cgi-bin and .mpl... hmmmm excellent :)

> - Perrin 

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html