Hi, I've asked previously on this list about inclusion of mpm-itk (http://mpm-itk.sesse.net/) into upstream Apache; previously, the requests have died down, mostly over discussions on security (mpm-itk does configuration and request parsing as uid 0, although with very limited capabilities) and arguments along the lines of “there is no need”, e.g. various people I've talked to feel that there are other adequate solutions for the problem, including suexec, multiple Apache instances with reverse proxying, or some GSoC project. (http://wiki.apache.org/httpd/PrivilegeSeparation even claims you can keep administrators from reading each others' sites simply by setting setting chmod 0640, completely ignoring the case where you can run PHP code or CGI scripts!)
However, since then mod_privileges have entered Apache trunk, which gives similar functionality (contradicting the arguments about “no need”), is very similar in terms of security model (contradicting the arguments about “the model is too insecure”), but is Solaris-specific, has less functionality (it lacks per-vhost nicing and per-vhost client limits), and generally seems to be less mature (e.g., as far as I can see, it fails to adequately handle the case where the client goes to a different-uid vhost and .htaccess thus is not readable). Furthermore, Fedora has recently accepted the mpm-itk patch into their Apache packages. This means that nearly every major distributor of Apache now supports mpm-itk; in particular, Arch, Debian, Fedora, FreeBSD ports, Gentoo, Mandriva, openSUSE and Ubuntu all include mpm-itk. I do not know of any module with a similar status, and having them all integrate the patch separately instead of simply having it in mainline seems wasteful. mpm-itk has, despite its non-mainline status, been in production in large sites for many years (it has been under development since 2005), and should at this point be considered mature. What would be needed to get it into mainline? /* Steinar */ -- Homepage: http://www.sesse.net/
