|
Roberto Sanchez
roberto at familiasanchez.net
Thu Dec 15 23:07:12 EST 2005
Graham Dumpleton wrote: > > Yes, except that there are really two issues here. The first as you > highlight is that all scripts run as the same user. > > The bigger immediate problem is the potential cross pollution of Python > modules and the visibility of another users Python modules within the > executing process. This will occur where requests for each user are > handled within the context of one Python interpreter instance, which is > the default if both users requests are handled within the context of the > same virtual host. > > With a bit of work, one could specify in the main Apache configuration > file that each user has a distinct interpreter using PythonInterpreter > directive, but there is no way of stopping the user changing it to > something else in .htaccess file, bar preventing the use of .htaccess > file altogether. > > The consequence of this is that I could use PythonInterpreter to name > some other users interpreter and create special handlers that allowed > me to then browse all his loaded modules looking for senstive data > such as login details, or cached data out of a database etc. > > What is really required in mod_python is a way for an administrator to > set PythonInterpreter in the main Apache configuration differently for > differently parts of the URL namespace and then set some other option > to say that it cannot be overridden in a .htaccess file at all. > > This way the administrator has better control and can ensure some > seperation. I'm not sure though whether there is a means by which it > could be added to mod_python such that this could be done. Would need > some digging into the Apache internals. > > This wouldn't solve the problem completely though, as the fact that > all users code runs as the same actual user, means that you could just > read the source code in direct as text and steal it that way. This means > someone is doing it deliberately, but at present with how mod_python > works, the cross pollution of in memory modules can lead to unexpected > behaviour without even trying. Hopefully mod_python 3.3 will solve this > with the module importing system being reimplemented. > > So yes, your concerns are quite valid and no there aren't any simple > answers. :-( > > Graham > That is why I was attempting to get the mod_python behind a reverse proxy to work. At least that way, the apache instance is running as the user that owns the python modules. There are also implications there, but those are more easily solved. In the future, I will try and go with a complete virtual server approach, but my machine's resources will not allow that now. Anyhow, thanks for all the great insight. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
|