Adam Chlipala <[EMAIL PROTECTED]> writes:

> Should the Exim filters item be moved off the to-do list?

Yes.

> 1) We don't allow mod_perl-style execution of scripts, because that
> approach is incompatible with our privilege model.

Ok.

> 2) Apache's mod_suexec already has a tiny, separately frob-able program
> called suexec. I modified it quite easily to add some security stuff on
> fyodor, and I believe we could do the same on mire.

This will probably work, as long as the dynamic content is executed in a process fork()ed by apache, not in the actual apache process itself.

Just a warning, though, it's going to be ugly -- for example, how will that script decide which user's keytab to load? Also, we need some way for that script to surrender whatever permissions allowed it to access /etc/keytabs/ before it invokes the untrusted user's script.

> 3) mod_php has a similar suexec-style wrapper, similarly tiny and easy
> to add code to. (And I've done this on fyodor, too.)

Can you point me to the documentation on this? I thought mod_php ran in the Apache process just like mod_perl.

> I think we want Mailman data stored on user AFS volumes, too, for quota
> purposes. However, the privileges should be easier, as we can grant a
> system Mailman user access to the volumes, while giving users read
> access. Thoughts on this?

I don't know that much about how mailman works, but I assume that its web-based portion needs to be running with privileges greater than system:anyuser in order to process subscribe/unsubscribe/etc. If so, this is sorta blocked on getting Apache dynamic content working; we'll need to deal with that first.

- a

-- 
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
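Added example, not part of the original message and not HCoop's or Apache's code: a sketch in C of the two wrapper steps the reply worries about, choosing a keytab without letting a crafted name escape /etc/keytabs/, and giving up privilege irreversibly before the user's script runs. The `/etc/keytabs/<user>` file layout, the allowed name characters, the `MIN_ID` floor and both function names are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define KEYTAB_DIR "/etc/keytabs"  /* directory named in the thread */
#define MIN_ID 1000u               /* assumed floor for user uid/gid values */

/* Build the keytab path for a login name (the <dir>/<user> layout is an
 * assumption). Returns 0, or -1 if the name is unsafe or does not fit. */
int keytab_path_for(const char *user, char *out, size_t outlen)
{
    size_t n = user ? strlen(user) : 0;
    if (n == 0 || n > 32 || user[0] == '-')
        return -1;
    if (strspn(user, "abcdefghijklmnopqrstuvwxyz0123456789_-") != n)
        return -1;                 /* no '/' or '.', so no path traversal */
    int w = snprintf(out, outlen, "%s/%s", KEYTAB_DIR, user);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Permanently become uid/gid. Call after the keytab has been used and its
 * descriptor closed. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid < MIN_ID || gid < MIN_ID)
        return -1;                 /* never run user code as root or a system id */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                 /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                 /* gid first: setuid gives up the right to change it */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                 /* the drop was reversible: refuse to continue */
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    const char *names[] = { "alice", "../root", "" };  /* constructed samples */
    char path[128];
    for (int i = 0; i < 3; i++)
        printf("%-8s -> %s\n", names[i],
               keytab_path_for(names[i], path, sizeof path) ? "rejected" : path);
    printf("drop to uid 0 -> %d\n", drop_privileges(0, 0));
    return 0;
}
```

A wrapper would treat any -1 as fatal and exit without calling exec, so the user's script never starts with leftover access to the keytab directory.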
