I'm developing an online survey system under mod_perl (with a homemade perlhandler, not under Apache::Registry). Since I've had as a goal to avoid as many dependencies as possible, I store results in local plaintext files. By nature, these files have (?) to be writable by the uid apache runs as.
In the mod_perl documentation it is written:

> When a handler needs write permissions, make sure that only the user,
> the server is running under, has write permissions to the files.
> Sometimes you need group write permissions, but be very careful, because
> a buggy or malicious code run in the server may destroy files writable
> by the server

My files fit this description (the files are chmodded 600). However, as the system is intended for academic use, and it is not entirely uncommon to have one student web server for everything, I cannot force admins not to install (as an example) PHP with default options and allow the students to write PHP scripts. In PHP, to completely remove all my stored data with one line of code:

    <? passthru("rm -rf /usr/local/mod_survey/data/*") ?>

Now, this is obviously a flaw with (in descending order) PHP for not having an installation with a secure default configuration, and with the admins for giving untrusted users access to an inherently insecure scripting language. However, the problem ends up being mine as I have to handle it somehow.

So, the question is: How do I protect my data files from being accessed by anything other than my own perlhandler? Can I set another uid for all that has to do with my specific perlhandler?

Hints are most welcome.

// Joel