Thanks for your input! I really appreciate it!
Perrin Harkins wrote:
On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote:
IE: it would be just as dangerouse as running a regular perl or shell or OTHER_LANGUAGE_HERE script in their home dir, correct?
[...]
mod_perl scripts are run with the permissions of the user correct? IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]
No, when you run things with mod_perl, they run in the apache server process. They will always have the same permissions as the apache
So if I did it the .mpl way then /usr/foo/bar.mpl and /usr/foo/baz.mpl will run as nobody (IE untrusted user with less privileges)
(Regular .pl scripts currently run under suexec which I know mod_perl can't do since you can't split up a single process like that, will that hiinder mod_perl from running?)
Which is just as [in]secure as /home/foo/bar.pl , /home/foo/stuff/baz.sh, /home/foo/public_html/luz.py, correct?
(Maybe more secure since 'nobody' has less privs than 'foo', correct?)
server. It is not safe to run untrusted scripts under mod_perl. (There is all kinds of hand-waving about using Safe or something, but the only thing I would trust is an entirely separate server running as an unprivileged user.)
More info on configuration options is available here: http://perl.apache.org/docs/1.0/guide/config.html
I'll definately take a look thanks!
If you want to just run .pl scripts under specific directories through mod_perl, the docs there will tell you how (using a <FilesMatch> directive).
Oh, good idea! then I can limit it to cgi-bin and .mpl... hmmmm excellent :)
- Perrin
-- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
