[prev in list] [next in list] [prev in thread] [next in thread]
List: gallery-devel
Subject: [Gallery-devel] Possible Securing Module
From: John McCreight <dalrain () dalrain ! net>
Date: 2002-01-26 19:28:15
[Download RAW message or body]
Hello everyone,
This is my first time posting to the development mailing list, so I'll begin
by thanking all the developers for some completely "whup butt" software.
I've installed Gallery 5 different times so far, and every time it's proven
it's worth as the greatest gallery I have seen so far, in terms of ease of
use, and flexibilty.
And now to the idea (or possibly task) at hand. While using gallery, and
actually PHP in general, there is the encumerance of one having to actually
run a specific httpd process as a user to properly get permissions to read
and write to files within a directory upon a webserver as a proper user.
While setting permissions on the albums directory to 777 can fix this by
allowing the normal webserver user to access a directory, this is gigantic
hole in places where virtual hosts are used that are accessable to other
users. The other solution, changing the owner of the directory to the web
user, isn't always feasible in itself, as on most systems (as it should be)
users are not permitted to "give away" their files.
To this, if it's feasible, someone shoot me if it isn't, I might propose a
small wrapping security module in perl, which most web servers today are
configured to run as a user. The script could contain very restricting code,
only accepting connections from the server itself, and then writing files
that Gallery passes to it to disk. (The php code could still call netpbm to
do all the work as usual, just pass it's completed files for writing to the
perl) Most webservers today would cause permissioning on the files to be 644,
allowing for the PHP to still read and display said files. I feel that there
must be something done to combat the problem of the PHP web user to secure
things up a bit, and this would be my proposal. I couldn't see why this
couldn't be done as an optional module to be installed, and it would probably
not need to be very large either. In addition, the user would then own the
files inside the album, making the album dir deletable easily by mere
mortals, should that need to occur.
If I'm a dead wrong idiot, feel free to explain why, and I'll go away again,
but the security implications of the albums dir has been bothering me for
some time now. Thank you for all your expertise, and if anyone might be
interested in attempting to modularize such a thing, let me know. Either
way, I'm interested in hearing about the technology, and look forward to
keeping up with the list.
All the best,
~John McCreight
__[ g a l l e r y - d e v e l ]_________________________
[ list info/archive --> http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sf.net ]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic