> So, question is: How do I protect my data files from being accessed by
> anything other than my own perlhandler? Can I set another uid for all that
> has to do with my specific perlhandler? Hints are most welcome.
>
> // Joel

Maybe you are facing the same problem that I asked about earlier on this list? Question: http://groups.yahoo.com/group/modperl/message/43025
The only solution I came up with was to patch mod_perl.c and mod_perl.h so that the handler directives are accepted only in httpd.conf. At least I think these attached patches should do the trick... ;-) Best wishes, Kari
--- mod_perl.h Thu Jul 18 07:58:54 2002
+++ mod_perl.h.new Thu Jul 18 08:00:48 2002
@@ -768,7 +768,7 @@
#define PERL_DISPATCH_CMD_ENTRY \
"PerlDispatchHandler", (crft) perl_cmd_dispatch_handlers, \
NULL, \
- OR_ALL, TAKE1, "the Perl Dispatch handler routine name"
+ RSRC_CONF | ACCESS_CONF, TAKE1, "the Perl Dispatch handler routine name"
#define PERL_DISPATCH_CREATE(s) s->PerlDispatchHandler = NULL
#else
@@ -875,7 +875,7 @@
#define PERL_AUTHEN_CMD_ENTRY \
"PerlAuthenHandler", (crft) perl_cmd_authen_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Authentication handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Authentication handler routine name"
#define PERL_AUTHEN_CREATE(s) s->PerlAuthenHandler = PERL_CMD_INIT
#else
@@ -892,7 +892,7 @@
#define PERL_AUTHZ_CMD_ENTRY \
"PerlAuthzHandler", (crft) perl_cmd_authz_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Authorization handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Authorization handler routine name"
#define PERL_AUTHZ_CREATE(s) s->PerlAuthzHandler = PERL_CMD_INIT
#else
#define PERL_AUTHZ_HOOK NULL
@@ -908,7 +908,7 @@
#define PERL_ACCESS_CMD_ENTRY \
"PerlAccessHandler", (crft) perl_cmd_access_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Access handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Access handler routine name"
#define PERL_ACCESS_CREATE(s) s->PerlAccessHandler = PERL_CMD_INIT
#else
@@ -927,7 +927,7 @@
#define PERL_TYPE_CMD_ENTRY \
"PerlTypeHandler", (crft) perl_cmd_type_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Type check handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Type check handler routine name"
#define PERL_TYPE_CREATE(s) s->PerlTypeHandler = PERL_CMD_INIT
#else
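Review bot: The override mask `RSRC_CONF | ACCESS_CONF` is pasted as a bare literal into every `*_CMD_ENTRY` macro (first at `PERL_DISPATCH_CMD_ENTRY`, then in each later mod_perl.h hunk and in the mod_perl.c command table), with no comment recording that its purpose is to keep these directives out of .htaccess. Defining it once, for example `#define PERL_HANDLER_OVERRIDE (RSRC_CONF | ACCESS_CONF) /* httpd.conf only: .htaccess must not install Perl handlers */` (the macro name is a suggestion), and using that in every entry would keep the policy in one place and make a divergent entry easy to spot. Because the restriction is compiled in, any site that currently sets these directives in .htaccess will presumably get a configuration error on those directories after the rebuild, which is worth stating next to the define. Each `#if`/`#else` block these hunks cut through starts and ends outside the hunk.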
@@ -944,7 +944,7 @@
#define PERL_FIXUP_CMD_ENTRY \
"PerlFixupHandler", (crft) perl_cmd_fixup_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Fixup handler routine name"
+ RSRC_CONF, PERL_TAKE, "the Perl Fixup handler routine name"
#define PERL_FIXUP_CREATE(s) s->PerlFixupHandler = PERL_CMD_INIT
#else
@@ -961,7 +961,7 @@
#define PERL_LOG_CMD_ENTRY \
"PerlLogHandler", (crft) perl_cmd_log_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Log handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Log handler routine name"
#define PERL_LOG_CREATE(s) s->PerlLogHandler = PERL_CMD_INIT
#else
@@ -978,7 +978,7 @@
#define PERL_CLEANUP_CMD_ENTRY \
"PerlCleanupHandler", (crft) perl_cmd_cleanup_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Cleanup handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Cleanup handler routine name"
#define PERL_CLEANUP_CREATE(s) s->PerlCleanupHandler = PERL_CMD_INIT
#else
@@ -995,7 +995,7 @@
#define PERL_INIT_CMD_ENTRY \
"PerlInitHandler", (crft) perl_cmd_init_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Init handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Init handler routine name"
#define PERL_INIT_CREATE(s) s->PerlInitHandler = PERL_CMD_INIT
#else
@@ -1012,7 +1012,7 @@
#define PERL_HEADER_PARSER_CMD_ENTRY \
"PerlHeaderParserHandler", (crft) perl_cmd_header_parser_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Header Parser handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Header Parser handler routine name"
#define PERL_HEADER_PARSER_CREATE(s) s->PerlHeaderParserHandler = PERL_CMD_INIT
#else
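Review bot: `PerlFixupHandler` in the `@@ -944,7` hunk is given `RSRC_CONF` alone, while every other handler entry in this patch gets `RSRC_CONF | ACCESS_CONF`. Without `ACCESS_CONF` Apache rejects the directive inside `<Directory>`, `<Location>` and `<Files>` sections of httpd.conf, so a per-directory fixup handler that is valid today would become a configuration error. Nothing in the message says this entry is meant to be stricter than the rest, so it looks like an oversight. If so, the new line should read `RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Fixup handler routine name"`.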
--- mod_perl.c Thu Jul 18 07:58:53 2002 +++ mod_perl.c.new Thu Jul 18 08:00:29 2002 @@ -107,13 +107,13 @@ RSRC_CONF, FLAG, "Turn on -w switch" }, { "PerlScript", (crft) perl_cmd_require, NULL, - OR_ALL, ITERATE, "this directive is deprecated, use `PerlRequire'" }, + RSRC_CONF | ACCESS_CONF, ITERATE, "this directive is deprecated, use +`PerlRequire'" }, { "PerlRequire", (crft) perl_cmd_require, NULL, - OR_ALL, ITERATE, "A Perl script name, pulled in via require" }, + RSRC_CONF | ACCESS_CONF, ITERATE, "A Perl script name, pulled in via require" }, { "PerlModule", (crft) perl_cmd_module, NULL, - OR_ALL, ITERATE, "List of Perl modules" }, + RSRC_CONF | ACCESS_CONF, ITERATE, "List of Perl modules" }, { "PerlSetVar", (crft) perl_cmd_var, NULL, OR_ALL, TAKE2, "Perl config var and value" }, @@ -122,19 +122,19 @@ OR_ALL, ITERATE2, "Perl config var and value" }, { "PerlSetEnv", (crft) perl_cmd_setenv, NULL, - OR_ALL, TAKE2, "Perl %ENV key and value" }, + RSRC_CONF | ACCESS_CONF, TAKE2, "Perl %ENV key and value" }, { "PerlPassEnv", (crft) perl_cmd_pass_env, NULL, - RSRC_CONF, ITERATE, "pass environment variables to %ENV"}, + RSRC_CONF | ACCESS_CONF, ITERATE, "pass environment variables to %ENV"}, { "PerlSendHeader", (crft) perl_cmd_sendheader, NULL, - OR_ALL, FLAG, "Tell mod_perl to parse and send HTTP headers" }, + RSRC_CONF | ACCESS_CONF, FLAG, "Tell mod_perl to parse and send HTTP headers" }, { "PerlSetupEnv", (crft) perl_cmd_env, NULL, - OR_ALL, FLAG, "Tell mod_perl to setup %ENV by default" }, + RSRC_CONF | ACCESS_CONF, FLAG, "Tell mod_perl to setup %ENV by default" }, { "PerlHandler", (crft) perl_cmd_handler_handlers, NULL, - OR_ALL, ITERATE, "the Perl handler routine name" }, + RSRC_CONF | ACCESS_CONF, ITERATE, "the Perl handler routine name" }, #ifdef PERL_TRANS { PERL_TRANS_CMD_ENTRY }, #endif
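Review bot: `PerlSetVar` (context line in the first hunk) and the `ITERATE2` entry at the top of the second hunk (presumably `PerlAddVar`; its name lies outside the hunk) keep `OR_ALL`, so .htaccess authors can still set the values handlers read as per-directory configuration. If any handler takes a file path, credential source or access decision from such a variable, this patch does not cover it; either give both entries `RSRC_CONF | ACCESS_CONF` as well or add a comment that their values are untrusted input. Separately, `PerlPassEnv` goes from `RSRC_CONF` to `RSRC_CONF | ACCESS_CONF`, which widens where it is accepted instead of narrowing it; unless `perl_cmd_pass_env` is known to honour per-directory scope, keep `RSRC_CONF, ITERATE, "pass environment variables to %ENV"`. The `PerlScript` line also appears to have been wrapped in transit (`use +`PerlRequire'`), so the patch as posted may not apply cleanly.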