[mod_python] security question

Gregory (Grisha) Trubetskoy grisha at modpython.org
Wed Nov 7 00:23:21 EST 2001 

On Tue, 6 Nov 2001 allen at modwest.com wrote:

> Does mod_python have something similar to or better than "safe mode"? If
> you are running mod_python can any user on the system write a python
> script that can do anything the webserver has permission to do?

Yes, pretty much.

I'm not familiar with what PHP does, though at first glance this looks
like semi-security - if the process still runs as the httpd user, there's
probably still a great risk of someone finding a way around the barriers
PHP imposes... But then again I don't know first thing about it.

Apache 2.0 should have a native solution to this problem
(http://httpd.apache.org/docs-2.0/mod/perchild.html), so there is probably
no point in trying to engineer something through mod_python, especially
considering I have no control over the actual Python interpreter code
itself (unlike the PHP people).

Grisha

More information about the Mod_python mailing list