Without delving into source, it appears that the midgard module (and/or
the php module?) start up before the change-user-id in apache.
The consequence of this is that if I have php includes, the include file
must be owned by root. Part of my design and content management for AOL
users^H^H^H^H^H^H^H^H^newbies allows them to upload a file (e.g., a page
created by a tool such as word-to-html conversion or excel-to-html
conversion) and put the filename in a designated field in article. The
page code tests for this and will include instead of execute.
However, I find that these include files must be owned by root. I
really don't like this since someone could upload a file containing code
that then operates as root.
(My uploads for users will be page-driven, but the code in the page will
then have to check for any script designators and chown to root if there
are.)
I don't want to turn off safe-mode (>>>> this <<<< is >>>>safe????<<<<),
and I don't want to turn off execCGI in the include directory.
I could create two directories -- one for flat HTML includes and one for
php includes that have to be chown'ed to root, but this is still a
kludge.
Another kludge, of course, is to check for shell escapes and disallow
scripts that include them -- probably a good idea in any case....
Any other ideas, people?
the cat
P.S. Always assume a user knows at least enough to be dangerous....
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
