Graham Dumpleton wrote:
http://httpd.apache.org/docs/2.3/mod/mod_privileges.html (in future httpd 2.4)
FWIW, contrary to what is suggested by documentation for
mod_privileges, I would anticipate that modules which embed a Python
interpreter such as mod_python and mod_wsgi are not going to be
compatible with at least SECURE mode of mod_privileges. This is
because after a fork of a Python process special Python interpreter
core function has to be called to do some fixups. This is fine if fork
done from Python code as it will be done automatically, but not if
done from external C code in same process. Not sure how well things
will work if that fixup function isn't called.
That's entirely likely. Fast mode is straightforward, but secure
mode is only sparsely tested, and could easily fall down when presented
with complex problems as you suggest. In such a scenario we could
either fix it as you suggest (how does ITK deal with this?), or
bow out and recommend alternatives.
BTW, what operating system feature does this use that means it is only
usable on Solaris?
Is there another OS that supports solaris-style privileges?
One could envisage other modules to harness operating system
security - such as SElinux - but I don't think it would look
similar enough to abstract out a common API.
--
Nick Kew
