Actually, what I'm trying to do now is, in access.conf:
Note, /tmp/tmppswd is read-only by the installer of the product, but I should
be root in access.conf (right?) so I should be able to read it anyway.
<perl>
use IO::File;
my $input = IO::File->new("</tmp/tmppswd") || die "Couldn't open
/tmp/foo.pl";
my $line = $input->getline();
print STDERR $line;
$input->close();
# $line = 'bar';
$Location{'/areaj'} = {
PerlSetVar => [
[foo => $line]
],
SetHandler => 'perl-script',
PerlHandler => 'AreaJ::AreaJ'
}
# push @{ $Location{'/areaj'}->{PerlSetVar} }, [foo => $line];
</perl>
Now I get an error:
[Mon Apr 16 15:43:32 2001] [error] <Perl>: PerlSetVar takes two arguments, Perl
config var and value
... because $line is somehow being evaluated to 0. If I uncomment the first
commented line, it works, leading me to believe that somehow the values inside
PerlSetVar have to be constants of some sort. Commenting out the PerlSetVar
part and uncommenting the push line just gives me 404 (doesn't even print out
my STDERR statement earlier in the routine, I really don't get that).
I'm obviously being a bonehead. Can anyone help?
Thanks,
//Thomas
Issac Goldstand wrote:
> Hmm... There might be another solution, but it's probably a bit dangerous -
> and in any case, one of the more experianced mod_perl people would have to
> confirm that it works as expected...
>
> But it would seem to me that if you can figure out at an early enough stage
> who you want to run the process as, you could set Apache to run as root:root
> and then use a ChildInitHandler (or any early stage handler) to do a setuid
> and setgid. Since perl is part of the child process, this should change the
> uid & gid of the entire process. This would seem slightly better then the
> below alternative as you can set MaxRequestsPerChild to 1 and just have one
> parent process spawning children with different uid/gids, instead of having
> to start up an entire server for each uid/gid pair... Of course, there's
> the security problem of everything that happens in the child until it gets
> to the setuid AND it's very important to make sure that there's a default
> uid/gid pair for the process to put on to prevent any sort of bypass. I
> don't know that I'd pick this solution without mulling it over for a few
> days, but maybe people on the list can think up some of the pro's and con's
> for me :)
>
> Issac
>
> (PS. Yes I know it's a dangerous approach, so you don't all have to
> personally bash me over the head with it ;-) )
>
> Internet is a wonderful mechanism for making a fool of
> yourself in front of a very large audience.
> --Anonymous
>
> Moving the mouse won't get you into trouble... Clicking it might.
> --Anonymous
>
> PGP Key 0xE0FA561B - Fingerprint:
> 7E18 C018 D623 A57B 7F37 D902 8C84 7675 E0FA 561B
>
> ----- Original Message -----
> From: "sterling" <[EMAIL PROTECTED]>
> To: "Thomas K. Burkholder" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, April 15, 2001 6:06 PM
> Subject: Re: modperl security model question
>
> > On Sun, 15 Apr 2001, Thomas K. Burkholder wrote:
> >
> > > Thanks again for the help - I have another one-
> > >
> > > My application consists of perl modules with file permissions set only
> > > to a particular user 'burkhold'. The database password is kept in
> > > plaintext in one of those modules. I use the User: and Group:
> > > directives in access.conf to cause the uid of the spawned httpd process
> > > to have permission to execute the code. It works fine, except that it
> > > seems I can't embed 'User: burkhold' inside a <Location> directive, so
> > > all requests have to be served as 'burkhold'. It seems like there
> > > should be some simple way in apache to specify what user the httpd
> > > should be set to when it's spawned, but except for the global User: I
> > > haven't found a way.
> > >
> >
> > An httpd process is spawned to handle _all_ locations, that is why the
> > Group/User can only be specified per server. If apache was able to spawn
> > separate processes to only handle one location, your suggestion would
> > work.
> >
> > The only solution i would offer would be to proxy all requests to
> > that location to another apache server, running on a different port,
> > as user bukhold. The main server could then run with whatever user is
> > appropriate, and have a ProxyPass directive to forward requests requiring
> > user burkhold.
> >
> >
> > sterling
> >
> >
> >
> >
> > > If I can't make this work, I may have to turf module handlers and go
> > > with a Registry and setuid solution, which I think would be a shame
> > > since I think handlers are a lot more elegant.
> > >
> > > This is probably well-trodden territory - anyone got a solution?
> > >
> > > Thanks again, several of you have been helpful to me, and I do
> > > appreciate it.
> > >
> > > Happy Easter.
> > >
> > > file://Thomas
> > > Thomas K. Burkholder
> > > [EMAIL PROTECTED]
> > >
> >
> >
