perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Terrence Brannon <bauh...@metaperl.com>
Subject setting up virtual hosts
Date Tue, 12 Jul 2005 22:31:18 GMT

   Hi,
     _________________________________________________________________

Background of Problem

   At our [1]webhosting cooperative, each website is setup in a virtual
   host like this:

     <VirtualHost *>
             ServerName www.livingcosmos.org
             ErrorLog /var/log/apache/www.livingcosmos.org-error.log
             CustomLog /var/log/apache/www.livingcosmos.org-access.log combined
             IndexOptions FancyIndexing FoldersFirst
             ServerAlias livingcosmos.org
             ServerAdmin webmaster@livingcosmos.org
             DocumentRoot /home/terry/public_html/livingcosmos.org
             <Location />
                     Options +Includes +IncludesNOEXEC
             </Location>
             Alias /pipermail /var/lib/mailman/archives/public
             <Location />
                     AddHandler perl-script .html
                     PerlModule HTML::Mason::ApacheHandler
                     PerlHandler HTML::Mason::ApacheHandler
             </Location>
             PerlSetVar MasonDataDir /home/terry/public_html/livingcosmos.org/m
ason_data
             User www-data
             Group www-data
     </VirtualHost>

   Unfortunately, we have been hit by a [2]uselib() privilege elevation
   exploit. As a result, our sysadmins have decided that any CGI/mod_perl
   process has to run as a specific user instead of as www-data.

   At the moment, the sysadmins see no way to run mod_perl such that the
   mod_perl requests can run as a specific user. Unless I can find a way
   to have mod_perl processes for each virtual host run as a specific
   user, we will have mod_perl shutdown.
     _________________________________________________________________

The Question

   How can we setup our virtual hosts so that each one runs as a specific
   Unix user?
     _________________________________________________________________

   Last updated 12-Jul-2005 21:50:04 GMT

References

   1. http://hcoop.net/
   2. http://packetstorm.rlz.cl/0501-exploits/uselib24.c

-- 
	Carter's Compass: I know I'm on the right track when,
	   by deleting something, I'm adding functionality.


Mime
View raw message