After some time playing with modperl, I noticed some problems (that's
what I call them) related to modperl!

Looking at the way modperl works today, it clearly was not
designed to SECURELY support a multi-user environment. For instance: any
user can write a script that will be able to read any file owned by the
httpd server; in a multi-user environment this should not be allowed. A
gentle way to prevent this would be not to allow a script to read a file
whose owner id is not the same as the script's owner id, wouldn't it?

Another problem: process creation should be wrapped by the Apache suexec
mechanism. Is it currently done this way? Why not?


                                        ************
                                        ************
Can someone here confirm for me that if I am a security-conscious admin, I
should not make modperl+embperl available to my users?
                                        ************
                                        ************
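
The owner-match rule proposed in the message above, sketched as an added example that is not part of the original post and not mod_perl code. `open_if_same_owner` is a hypothetical helper; because it runs inside the same process as the user's script, it only illustrates the rule and enforces nothing against a script that opens files directly.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_NOFOLLOW S_ISREG);
use File::Temp qw(tempfile);

# Hypothetical helper (not a mod_perl API): return a read handle on $path
# only if the file's owner uid equals the owner uid of the script file.
sub open_if_same_owner {
    my ($script, $path) = @_;

    my @script_st = stat($script)
        or die "cannot stat script '$script': $!\n";

    # Open first and stat the handle afterwards, so the ownership check
    # applies to the file actually opened, not to a name that can be
    # re-pointed between check and use. O_NOFOLLOW rejects a symlink
    # as the final path component.
    sysopen(my $fh, $path, O_RDONLY | O_NOFOLLOW)
        or die "cannot open '$path': $!\n";
    my @file_st = stat($fh)
        or die "cannot stat handle for '$path': $!\n";

    die "'$path' is not a regular file\n"
        unless S_ISREG($file_st[2]);
    die "owner mismatch: '$path' uid $file_st[4], script uid $script_st[4]\n"
        unless $file_st[4] == $script_st[4];

    return $fh;
}

# Constructed demo: a temp file created by the current user, and
# /etc/passwd as a file that normally belongs to another uid (root).
# The "script" is a second temp file, so both are owned by the caller.
my ($sfh, $script) = tempfile(UNLINK => 1);
my ($tfh, $own)    = tempfile(UNLINK => 1);
print {$tfh} "constructed sample data\n";
close $tfh;

for my $path ($own, '/etc/passwd') {
    my $fh = eval { open_if_same_owner($script, $path) };
    if ($fh) { print "allowed: $path\n"; close $fh }
    else     { print "denied:  $@" }
}
```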
