[mod_python] security question

allen at modwest.com allen at modwest.com
Tue Nov 6 21:45:57 EST 2001 

If there is a way to search the archive for my answer, please
direct me to that.

My question is, what are the security options with mod_python? For
example, running python through CGI scripts allows the system owner to
wrap the script with cgiwrap, sbox, suexec or some other thing that can
make the program run with the permission of the owner, and not with
permission of Apache, so as to prevent users from hurting each other or
the system.

The mod_php partially answers this with "safe mode" and "openbasedir" that
govern what file activities a PHP script is allowed to do like
opening for reading (though everything still runs as apache).

Does mod_python have something similar to or better than "safe mode"? If
you are running mod_python can any user on the system write a python
script that can do anything the webserver has permission to do?

Thanks for any help,

Allen

More information about the Mod_python mailing list