RE: [users@httpd] Perl data-file

Just an update of my current case with Perl data-files.

I decided that suEXEC is a bit too advanced for me.
Instead, I created a folder with sufficient permissions outside the
document root to write/create/store the data-files.
I wonder how much a security risk this is compared to suEXEC.

The only reason I decided not to use it is because the documentation
warned of serious security issues if it was used improperly.
Again, I am not the expert in the stuff, but thank you for your
suggestion anyway.

-----Original Message-----
From: Declerck Michael-W30479 
Sent: Wednesday, July 26, 2006 6:12 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Perl data-file

You are awesome. Thank you very much. 

-----Original Message-----
From: Richard de Vries [mailto:richard_devries@xxxxxxxxx]
Sent: Wednesday, July 26, 2006 6:04 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Perl data-file

Sounds like something for suexec

http://httpd.apache.org/docs/2.2/suexec.html

--- Declerck Michael-W30479 <W30479@xxxxxxxxxxxx>
wrote:

> Hello,
> I have a problem with an Apache version 2.2 server running a Perl 
> script on an Ubuntu 6.06 machine that creates and appends a data-file.
> Currently, the data-file exists one folder deep in the document root.
> Apache clients run as the user daemon in group daemon.
> When the data-file is created, the file ownership and group is set to 
> daemon.
> The problem with this is that every Apache client runs as daemon, and 
> could simply guess the folder and data-file name, thus displaying 
> sensitive information (like contact information of other clients'
> input) that they shouldn't be able to see.
>  
> I tried modifying the Perl script to put the file in another folder 
> outside of the Apache root directory, fortunately Apache denies 
> permission to all folders outside the document root (with the right 
> configuration).
>  
> The client should be able to view the index page, input data, and run 
> the Perl script only.
> The data-file should only be modifiable by the Perl script, and unable
> to be read, modified, or executed by daemon.
>  
> If you have any advice or tips on this matter, I would truly 
> appreciate your help.
>  
> Michael DeClerck
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
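
The setup described in the top message (a writable data folder outside the document root), as an added example that is not code from the thread: POSIX shell functions that create such a folder and check that it does not resolve to a path under the DocumentRoot and grants nothing to "other". The function names and the temp-dir layout are constructed for illustration.

```shell
#!/bin/sh
# Added example; all paths are constructed placeholders, not taken from the thread.

# Physical path of a directory, with symlinks resolved.
real_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Create the data directory so only its owner can list, enter or write it.
make_data_dir() {
    ( umask 077 && mkdir -p -- "$1" ) && chmod 700 -- "$1"
}

# check_data_dir DOCROOT DATADIR
# Returns 0 = ok, 1 = a path is missing, 2 = DATADIR resolves to a location
# inside DOCROOT (directly or through a symlink), 3 = "other" has permission bits.
check_data_dir() {
    docroot=$(real_dir "$1") || return 1
    datadir=$(real_dir "$2") || return 1
    case "$datadir/" in
        "$docroot"/*) return 2 ;;
    esac
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    other=$(ls -ld -- "$datadir" | cut -c8-10)
    [ "$other" = "---" ] || return 3
    return 0
}

# Constructed layout in a temp dir: a private dir beside the document root,
# a dir under the document root, and a symlink that leads back into it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/htdocs/data" && make_data_dir "$t/appdata" || return 1
    ln -s "$t/htdocs/data" "$t/link"
    r1=0; check_data_dir "$t/htdocs" "$t/appdata"     || r1=$?
    r2=0; check_data_dir "$t/htdocs" "$t/htdocs/data" || r2=$?
    r3=0; check_data_dir "$t/htdocs" "$t/link"        || r3=$?
    rm -rf "$t"
    echo "$r1 $r2 $r3"   # expected: 0 2 2
}
```

Without suEXEC, every CGI script the server runs still executes as the same account (daemon in this thread), so these checks keep the data folder out of the document tree and away from other local accounts, not away from other scripts on the same server. Running scripts under separate users is what suEXEC provides.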

