I'm developing an online survey system under mod_perl (with a homemade
perlhandler, not under Apache::Registry). Since I've had as a goal to
avoid as many dependencies as possible, I store results in local plaintext
files. By nature, these files have (?) to be writable by the uid apache
runs as.
In the mod_perl documentation it is written:
> When a handler needs write permissions, make sure that only the user,
> the server is running under, has write permissions to the files.
> Sometimes you need group write permissions, but be very careful, because
> a buggy or malicious code run in the server may destroy files writable
> by the server
My files fit this description (the files are chmodded 600). However, as
the system is intended for academic use, and it is not entirely uncommon
to have one student web server for everything, I cannot force admins not
to install (as an example) PHP with default options and allow the
students to write PHP scripts.
In PHP, it takes one line of code to completely remove all my stored data:
<? passthru("rm -rf /usr/local/mod_survey/data/*") ?>
Now, this is obviously a flaw with (in descending order) PHP for not
having an installation with a secure default configuration, and with the
admins for giving untrusted users access to an inherently insecure
scripting language. However, the problem ends up being mine as I have to
handle it somehow.
So, the question is: How do I protect my data files from being accessed by
anything other than my own perlhandler? Can I set another uid for all that
has to do with my specific perlhandler? Hints are most welcome.
// Joel
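As an added illustration of the exposure the post describes (not code from the poster's system), the following audit walks a data directory and reports every file or directory that the server uid owns or that is group/world-writable. Owning the directory is what matters: the owner can chmod and then unlink entries no matter how restrictive the 600 mode on the files is, which is exactly what the PHP one-liner above exploits. The path and the uid are assumptions taken from the post; the check only passes when the directory and its files belong to some uid other than the one the server runs as.

```perl
#!/usr/bin/perl
# Added example: audit a survey data directory for files that code running
# as the web server uid could delete or rewrite. The default path is the one
# mentioned in the post and is an assumption, not a value from a real system.
use strict;
use warnings;
use Fcntl ':mode';      # S_IMODE, S_IWGRP, S_IWOTH
use File::Spec;

# Returns a list of human-readable findings; an empty list means neither the
# directory nor any entry in it is owned by, or writable through group/other
# bits for, $server_uid.
sub audit_data_dir {
    my ($dir, $server_uid) = @_;
    my @findings;

    opendir(my $dh, $dir) or return ("cannot open $dir: $!");
    my @entries = map { File::Spec->catfile($dir, $_) }
                  grep { !/^\.\.?$/ } readdir $dh;
    closedir $dh;

    for my $path ($dir, @entries) {
        my @st = lstat $path
            or do { push @findings, "cannot stat $path: $!"; next };
        my ($mode, $uid, $gid) = @st[2, 4, 5];
        my $perm = S_IMODE($mode);

        # Ownership beats mode: the owner may chmod the entry at will, and the
        # owner of the directory may remove anything inside it.
        push @findings, sprintf("%s is owned by server uid %d (mode %04o); "
            . "any code the server runs can delete it", $path, $uid, $perm)
            if $uid == $server_uid;

        # Group/other write bits hand the same power to other uids.
        push @findings, sprintf("%s is group-writable (gid %d)", $path, $gid)
            if $perm & S_IWGRP;
        push @findings, "$path is world-writable" if $perm & S_IWOTH;
    }
    return @findings;
}

# Run against the effective uid of the current process, e.g. from the
# server's startup code; exit non-zero when anything is exposed.
my $dir = shift @ARGV || '/usr/local/mod_survey/data';
my @findings = audit_data_dir($dir, $>);
if (@findings) { print "$_\n" for @findings; exit 1 }
print "$dir: nothing writable or deletable by uid $>\n";
```

Run as the user the server runs under (or pass that uid's value instead of `$>`) so the check reflects the server's view, not the administrator's.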