perl-modperl mailing list archives

From Terrence Brannon <>
Subject setting up virtual hosts
Date Tue, 12 Jul 2005 22:31:18 GMT


Background of Problem

   At our webhosting cooperative, each website is set up in a virtual
   host like this:

     <VirtualHost *>
             ErrorLog /var/log/apache/
             CustomLog /var/log/apache/ combined
             IndexOptions FancyIndexing FoldersFirst
             DocumentRoot /home/terry/public_html/
             <Location />
                     Options +Includes +IncludesNOEXEC
             </Location>
             Alias /pipermail /var/lib/mailman/archives/public
             <Location />
                     AddHandler perl-script .html
                     PerlModule HTML::Mason::ApacheHandler
                     PerlHandler HTML::Mason::ApacheHandler
             </Location>
             PerlSetVar MasonDataDir /home/terry/public_html/
             User www-data
             Group www-data
     </VirtualHost>

   Unfortunately, we have been hit by a uselib() privilege elevation
   exploit. As a result, our sysadmins have decided that any CGI/mod_perl
   process has to run as a specific user instead of as www-data.

   At the moment, the sysadmins see no way to run mod_perl such that the
   mod_perl requests can run as a specific user. Unless I can find a way
   to have mod_perl processes for each virtual host run as a specific
   user, we will have mod_perl shut down.

The Question

   How can we set up our virtual hosts so that each one runs as a specific
   Unix user?

   Last updated 12-Jul-2005 21:50:04 GMT



	Carter's Compass: I know I'm on the right track when,
	   by deleting something, I'm adding functionality.
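
An added example, not part of the original message: a small audit that lists which virtual hosts in a configuration of the shape shown above enable mod_perl handlers while declaring the shared account, which is the inventory an administrator needs before moving sites to per-user identities. The sample configuration, the function names and the `shared_user` default are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the vhost from the post (placeholder paths).
SAMPLE_CONF = """\
<VirtualHost *>
    DocumentRoot /home/alice/public_html/
    <Location />
        AddHandler perl-script .html
        PerlHandler HTML::Mason::ApacheHandler
    </Location>
    User www-data
    Group www-data
</VirtualHost>
<VirtualHost *>
    DocumentRoot /home/bob/public_html/
    User bob
    Group bob
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
# Any Perl*Handler directive, or a handler mapping to perl-script, means
# Perl code is executed inside the Apache child for this vhost.
MODPERL_RE = re.compile(
    r"^\s*(?:Perl\w*Handler\b|(?:Add|Set)Handler\s+perl-script\b)", re.I | re.M)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.I | re.M)
    return m.group(1) if m else None

def audit(conf, shared_user="www-data"):
    """Summarise each <VirtualHost> block: docroot, declared user, mod_perl use."""
    findings = []
    for m in VHOST_RE.finditer(conf):
        body = re.sub(r"^\s*#.*$", "", m.group(1), flags=re.M)  # drop comments
        findings.append({
            "docroot": directive(body, "DocumentRoot"),
            # Assumption: a vhost without its own User line uses the shared one.
            "user": directive(body, "User") or shared_user,
            "mod_perl": bool(MODPERL_RE.search(body)),
        })
    return findings

def shared_modperl_vhosts(conf, shared_user="www-data"):
    """Docroots of vhosts that run Perl handlers under the shared account."""
    return [f["docroot"] for f in audit(conf, shared_user)
            if f["mod_perl"] and f["user"] == shared_user]
```
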
