| 1 |
On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote: |
| 2 |
> Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT] |
| 3 |
> > After the 1.4 release (maybe before, depending on how busy I am with |
| 4 |
> > work), there will be a migration of all web applications to install |
| 5 |
> > somewhere like /usr/share/webapp/${P} (maybe ${PF}) |
| 6 |
> |
| 7 |
> This doesn't sound right to me since /usr should be mountable read-only. |
| 8 |
> Don't many/most web applications need to be able to write to their |
| 9 |
> installation area? I personally like the Debian solution of /var/www |
| 10 |
I agree totally with keeping /usr read-only during normal system use. |
| 11 |
|
| 12 |
Very few applications do write their directories, and those that do are |
| 13 |
in the great majority of cases broken. This is because this requires that their |
| 14 |
directories have permissions suitable for the webserver to write to |
| 15 |
them. |
| 16 |
|
| 17 |
ALL of /usr/share/webapp will be chown root.root, with mode 755 for |
| 18 |
directories, and 644 for files. |
| 19 |
|
| 20 |
Under my solution the application THINKS it is running in the instance |
| 21 |
directory. |
| 22 |
|
| 23 |
The key thing is this inside the .htaccess file for each instance: |
| 24 |
php_value include_path ".:/usr/share/webapp/${P}" |
| 25 |
|
| 26 |
Then they have whatever access to . and read-only to |
| 27 |
/usr/share/webapp/${P}. |
| 28 |
|
| 29 |
Say a web application requires a config file 'config.php'. |
| 30 |
You could then have two instances |
| 31 |
/var/www/site1/webapp/ |
| 32 |
/var/www/site2/webapp/ |
| 33 |
Where each directory contains only two files, 'config.php' and '.htaccess'. |
| 34 |
|
| 35 |
Now even if somebody were to break in and get your PHP to run arbitrary |
| 36 |
code, their damage would be limited to those two files (and anything |
| 37 |
else the apache user has permissions to, which does NOT include the |
| 38 |
actual webapp. |
| 39 |
|
| 40 |
If you wanted to seriously customize an instance, all that would be |
| 41 |
needed would be to copy the file from /usr/share/webapp/${P} to your |
| 42 |
instance directory, and modify the copy in your instance directory. |
| 43 |
|
| 44 |
In my entire time as a PHP programmer, I have seen only one instance |
| 45 |
where an application really needed access to a local directory to write |
| 46 |
files, and that was only because of a shortcoming in the API used, that |
| 47 |
could not send data directly but had to build it on disk (PDF creation |
| 48 |
stuff). |
| 49 |
|
| 50 |
-- |
| 51 |
Robin Hugh Johnson |
| 52 |
E-Mail : robbat2@××××××××××××××.net |
| 53 |
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 |
| 54 |
ICQ# : 30269588 or 41961639 |
| 55 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives