Javier Quinteros
jquinte at fadu.uba.ar
Mon Apr 8 16:19:18 EST 2002
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi !!! If you are worried about exposing some scripts that should "only" be used from other modules importing them, there's an easy solution (and I think it's the right one)... ;-) Suppose you've got a script called interfacedb.py in your directory and it's full of functions that access your DB without checking anything, because you supose that it was imported from the modules that effectively do the checkings. The solution is to put this statement at the beggining of the script: __auth__ = {} This way, you're telling apache that no one is authorize to access (execute) this script. You can only call the functions inside the script if you import it from other module. This way you should add this statement to every script you don't want to be execute directly, no matter what URL you ask your browser. Sorry if I misunderstood your question.... Hope this help... On Friday 05 April 2002 23:43, Allan Saddi wrote: > Hi there, > > I'm using mod_python 2.7.6 on FreeBSD. I was playing around with > the publisher handler today when I noticed something of concern. > I scoured the mailing list archives to see if it was mentioned > before, but I found no mention of it. (If it was discussed > before, please point me to the approximate date of the thread.) > > Basically, if a module is loaded indirectly (via an import from > within another module), an outside user will be able to call > functions within that module afterward. > > So, for example, if I have a script foo.py that imports pgdb > (PyGreSQL), and foo.py is later "published" by publisher, > afterward, I will be able to call functions within pgdb through > publisher. Note though that if a particular Apache child > interpreter instance has never loaded foo.py, it will > (rightfully) reject requests to pgdb. > > The problem seems to lie in mod_python.apache.import_module(), > specifically this section of code: > > # keep track of file modification time and > # try to reload it if it is newer > if sys.modules.has_key(module_name): > > # the we won't even bother importing > module = sys.modules[module_name] > > ... > > When path is specified and not None (as it normally is when > import_module() is called from publisher), it is ignored if the > module already exists in the global modules list (sys.modules). > > I'm a new mod_python user, so I'm not sure if this is a bug or > an intended feature. The impact of this behavior seems to be > limited to pure python modules, so thankfully, modules like os > cannot be exploited this way. Essentially though, publisher is > exposing interfaces that the programmer may not know are > exposed. And that could be bad... > > (Using my pgdb example, I was able to connect to my database > using the right URL... I wasn't able to do much else beyond > that, but that alone seemed scary enough.) > > - Allan Saddi > asaddi at philosophysw.com > - -- - --------------------------------- Javier Quinteros jquinte at fadu.uba.ar Secretaría de Planificación Universidad de Buenos Aires - --------------------------------- Existe un solo lugar donde el Norte y el Sur del mundo se enfrentan en igualdad de condiciones: es una cancha de fútbol de Brasil, en la desembocadura del río Amazonas. La línea del ecuador corta por la mitad el estadio Zerao, en Amapá, de modo que cada equipo juega un tiempo en el sur y otro tiempo en el norte. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8se02dBzRnlFl4cgRAilyAJ9HCNjVlEHoG/zbv/A1XSx3P98RkwCg5ATw D4QDlDayZurKXPr+QjhRX9E= =Ji5h -----END PGP SIGNATURE-----
|