Emiliano wrote:
> Carilda Thomas wrote:
> >
> > Without delving into source, it appears that the midgard module (and/or
> > the php module?) start up before the change-user-id in apache.
>
> I believe that the module indeed starts up before the change but issues
> the setuid immediately after initialization -- before any actual
> processing takes place.
>
> > The consequence of this is that if I have php includes, the include file
> > must be owned by root. Part of my design and content management for AOL
> > users^H^H^H^H^H^H^H^H^newbies allows them to upload a file (e.g., a page
> > created by a tool such as word-to-html conversion or excel-to-html
> > conversion) and put the filename in a designated field in article. The
> > page code tests for this and will include instead of execute.
>
> Odd. When I do a touch in a php file the ownership is exactly what I
> would expect for my setup (nobody/nogroup). I don't think PHP page
> inclusion,
> which is part of normal PHP processing, would occur during module
> initialization. It shouldn't anyway.
>
> > However, I find that these include files must be owned by root. I
> > really don't like this since someone could upload a file containing code
> > that then operates as root.
>
> Even if for some stupid design decision the includes should indeed be
> owned by root that does not necesarily mean the scripts will be run as
> root. A simple php script that touches a file in /tmp will tell you as
> what user the script is running.
>
> > I don't want to turn off safe-mode (>>>> this <<<< is >>>>safe????<<<<),
> > and I don't want to turn off execCGI in the include directory.
>
> Still, file ownership shouldn't affect the user a script runs as.
The message I get is:
Warning: SAFE MODE Restriction in effect. The script whose uid is 0 is not
allowed to access <fullpathname>
owned by uid <my personal uid> in content on line 32
Warning: Failed opening "<filename>" for inclusion in content on line 32
This disappears if I change the uid to root.
I have a different uid/gid from nobody/nogroup which the apache executes
under.
What is really fascinating here -- love to have you tell me what is happening
-- is that if I try changing the owner to the apache's uid, the change is not
recognized, and the error message persists in telling me that script running
under 0 cannot run script owned by cat! I cleared cache (netscape), went to
a different box, tried on both netscape and brand new session of MSIE --
still thinks script was owned by me.
When I chown'ed it back to root, the change in ownership was picked up
immediately....
Am I nuts here or what?
cat
>
>
> > I could create two directories -- one for flat HTML includes and one for
> > php includes that have to be chown'ed to root, but this is still a
> > kludge.
>
> True.
>
> > P.S. Always assume a user knows at least enough to be dangerous....
>
> "Only the paranoid will survive"
>
> emile
>
> --
> This is The Midgard Project's mailing list. For more information,
> please visit the project's web site at http://www.midgard-project.org
>
> To unsubscribe the list, send an empty email message to address
> [EMAIL PROTECTED]
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
