>
>
>So, question is: How do I protect my data files from being accessed by
>anything else than my own perlhandler? Can I set another uid for all that
>has to do with my specific perlhandler? Hints are most welcome.
>
> // Joel
>
>
Maybe you are facing the same problem, that I asked earlier in this
list? Question: http://groups.yahoo.com/group/modperl/message/43025
The only solution I came with was to patch mod_perl.c and mod_perl.h
with settings that disable handlers except from httpd.conf. At least I
think these attached patches should do the trick... ;-)
Best wishes, Kari
--- mod_perl.h Thu Jul 18 07:58:54 2002
+++ mod_perl.h.new Thu Jul 18 08:00:48 2002
@@ -768,7 +768,7 @@
#define PERL_DISPATCH_CMD_ENTRY \
"PerlDispatchHandler", (crft) perl_cmd_dispatch_handlers, \
NULL, \
- OR_ALL, TAKE1, "the Perl Dispatch handler routine name"
+ RSRC_CONF | ACCESS_CONF, TAKE1, "the Perl Dispatch handler routine name"
#define PERL_DISPATCH_CREATE(s) s->PerlDispatchHandler = NULL
#else
@@ -875,7 +875,7 @@
#define PERL_AUTHEN_CMD_ENTRY \
"PerlAuthenHandler", (crft) perl_cmd_authen_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Authentication handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Authentication handler routine name"
#define PERL_AUTHEN_CREATE(s) s->PerlAuthenHandler = PERL_CMD_INIT
#else
@@ -892,7 +892,7 @@
#define PERL_AUTHZ_CMD_ENTRY \
"PerlAuthzHandler", (crft) perl_cmd_authz_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Authorization handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Authorization handler routine name"
#define PERL_AUTHZ_CREATE(s) s->PerlAuthzHandler = PERL_CMD_INIT
#else
#define PERL_AUTHZ_HOOK NULL
@@ -908,7 +908,7 @@
#define PERL_ACCESS_CMD_ENTRY \
"PerlAccessHandler", (crft) perl_cmd_access_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Access handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Access handler routine name"
#define PERL_ACCESS_CREATE(s) s->PerlAccessHandler = PERL_CMD_INIT
#else
@@ -927,7 +927,7 @@
#define PERL_TYPE_CMD_ENTRY \
"PerlTypeHandler", (crft) perl_cmd_type_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Type check handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Type check handler routine name"
#define PERL_TYPE_CREATE(s) s->PerlTypeHandler = PERL_CMD_INIT
#else
@@ -944,7 +944,7 @@
#define PERL_FIXUP_CMD_ENTRY \
"PerlFixupHandler", (crft) perl_cmd_fixup_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Fixup handler routine name"
+ RSRC_CONF, PERL_TAKE, "the Perl Fixup handler routine name"
#define PERL_FIXUP_CREATE(s) s->PerlFixupHandler = PERL_CMD_INIT
#else
@@ -961,7 +961,7 @@
#define PERL_LOG_CMD_ENTRY \
"PerlLogHandler", (crft) perl_cmd_log_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Log handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Log handler routine name"
#define PERL_LOG_CREATE(s) s->PerlLogHandler = PERL_CMD_INIT
#else
@@ -978,7 +978,7 @@
#define PERL_CLEANUP_CMD_ENTRY \
"PerlCleanupHandler", (crft) perl_cmd_cleanup_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Cleanup handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Cleanup handler routine name"
#define PERL_CLEANUP_CREATE(s) s->PerlCleanupHandler = PERL_CMD_INIT
#else
@@ -995,7 +995,7 @@
#define PERL_INIT_CMD_ENTRY \
"PerlInitHandler", (crft) perl_cmd_init_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Init handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Init handler routine name"
#define PERL_INIT_CREATE(s) s->PerlInitHandler = PERL_CMD_INIT
#else
@@ -1012,7 +1012,7 @@
#define PERL_HEADER_PARSER_CMD_ENTRY \
"PerlHeaderParserHandler", (crft) perl_cmd_header_parser_handlers, \
NULL, \
- OR_ALL, PERL_TAKE, "the Perl Header Parser handler routine name"
+ RSRC_CONF | ACCESS_CONF, PERL_TAKE, "the Perl Header Parser handler routine name"
#define PERL_HEADER_PARSER_CREATE(s) s->PerlHeaderParserHandler = PERL_CMD_INIT
#else
--- mod_perl.c Thu Jul 18 07:58:53 2002
+++ mod_perl.c.new Thu Jul 18 08:00:29 2002
@@ -107,13 +107,13 @@
RSRC_CONF, FLAG, "Turn on -w switch" },
{ "PerlScript", (crft) perl_cmd_require,
NULL,
- OR_ALL, ITERATE, "this directive is deprecated, use `PerlRequire'" },
+ RSRC_CONF | ACCESS_CONF, ITERATE, "this directive is deprecated, use
+`PerlRequire'" },
{ "PerlRequire", (crft) perl_cmd_require,
NULL,
- OR_ALL, ITERATE, "A Perl script name, pulled in via require" },
+ RSRC_CONF | ACCESS_CONF, ITERATE, "A Perl script name, pulled in via require" },
{ "PerlModule", (crft) perl_cmd_module,
NULL,
- OR_ALL, ITERATE, "List of Perl modules" },
+ RSRC_CONF | ACCESS_CONF, ITERATE, "List of Perl modules" },
{ "PerlSetVar", (crft) perl_cmd_var,
NULL,
OR_ALL, TAKE2, "Perl config var and value" },
@@ -122,19 +122,19 @@
OR_ALL, ITERATE2, "Perl config var and value" },
{ "PerlSetEnv", (crft) perl_cmd_setenv,
NULL,
- OR_ALL, TAKE2, "Perl %ENV key and value" },
+ RSRC_CONF | ACCESS_CONF, TAKE2, "Perl %ENV key and value" },
{ "PerlPassEnv", (crft) perl_cmd_pass_env,
NULL,
- RSRC_CONF, ITERATE, "pass environment variables to %ENV"},
+ RSRC_CONF | ACCESS_CONF, ITERATE, "pass environment variables to %ENV"},
{ "PerlSendHeader", (crft) perl_cmd_sendheader,
NULL,
- OR_ALL, FLAG, "Tell mod_perl to parse and send HTTP headers" },
+ RSRC_CONF | ACCESS_CONF, FLAG, "Tell mod_perl to parse and send HTTP headers" },
{ "PerlSetupEnv", (crft) perl_cmd_env,
NULL,
- OR_ALL, FLAG, "Tell mod_perl to setup %ENV by default" },
+ RSRC_CONF | ACCESS_CONF, FLAG, "Tell mod_perl to setup %ENV by default" },
{ "PerlHandler", (crft) perl_cmd_handler_handlers,
NULL,
- OR_ALL, ITERATE, "the Perl handler routine name" },
+ RSRC_CONF | ACCESS_CONF, ITERATE, "the Perl handler routine name" },
#ifdef PERL_TRANS
{ PERL_TRANS_CMD_ENTRY },
#endif
