Re: shared hosts and MP2 security

[prev] [thread] [next] [Date index for 2004/12/24]

 >-------- Оригинално писмо --------
 >От:  Stas Bekman <stas@xxxxxx.xxx>
 >Относно: Re: shared hosts and MP2 security
 >До: Markus Wichitill <mawic@xxx.xx>
 >Изпратено на: Четвъвтък, 2004, Декември 23 23:09:20 EET
 >----------------------------------
 >
 >Markus Wichitill wrote:
 >> Nick *** wrote:
 >> 
 >>> Let's assume that I have a web server with 50 virtual hosts. This web 
 >>> server is apache2 running as user nobody and has php installed. I've 
 >>> set php's OPEN_BASEDIR option for every VHost, so I can restrict the 
 >>> users' IO access outside their directories. Now I want to install MP2 
 >>> on the same server. I am setting a different interpreter pool for  
 >>> every VHost. And now how do I make sure that VHost1 user doesn't 
 >>> open($file, "<", "/www/VHost2/mysql_user_and_pass.pl").
 >> 
 >> 
 >> You basically can't.
 >> 
 >> What you really want is running different vhosts under different user 
 >> accounts, and that's what the Apache2-bundled perchild MPM was meant 
 >> for, but that was never finished. There's also the metux MPM project 
 >> which was meant to replace the perchild MPM, but that project seems to 
 >> be mostly dead, too. Which is a pity, since this means one less major 
 >> feature that might have made users switch to Apache2.
 >
 >No fear, there is Metux MPM http://www.metux.de/mpm/en/ which should do 
 >the same and better. I haven't tried it myself, but it looks like this is 
 >what Nick wants to do and report back how did it go. I'd expect that 
 >modperl2's build will blow up, since it has no clue what metux MPM means.
 >
 >Note that it's still in beta state:
 >http://www.metux.de/mpm/en/?patpage=status
 >
 >--

No Stas,
I'm not going to test it for now. And if I had that server with these VHosts, I would never use it, because of the beta status (and maybe because it's not bundled with the apache dist - it just doesn't give me the feeling it's as secure as apache itself).
Two days ago, I was talking to a friend, who is an administrator of a web server and when I asked him if he was going to install MP2, when it's stable, he told me: "Well, the big problem with MP2 is that it's not secure for a sever with many users and vhosts". I think, we all can agree that he is right.
Yes, there are perchild and mutex MPMs, but they are not usable at the moment and I doubt they will be when MP2 stable hits the outside world.
Unfortunately, many hosting companies, if not all, think like me (about the mutex mpm) and that's the problem with MP's netcraft statistics. Currenty, the companies CAN NOT install MP on their servers. Nobody wants to install proxied-backend-MP-enabled-apache-servers for every VHost.

PHP workarounds this problem with the OPEN_BASEDIR directive (http://www.php.net/manual/en/features.safe-mode.php). I don't know how secure this is, but it seems it works and I think that's the reason PHP is so widely spread among shared web hosts - and these hosts are many. If the admins have a way to secure their vhosts, I'm sure they will use MP2.

So what do we do? I can think of three options:
1. If it's possible to implement something like OPEN_BASEDIR - please do it and do it as soon as possible in the RCs - it's not too late.
2. Try to do something to push the development of the mutex and perchild mpms.
3. Sit back and wait and watch netcraft's negative statistics.

The problem with 2. is that even if perchild and mutext are ready after just a few months after MP2 stable is ready it will be too late. The admins will already have the impression from mp2 that it's not secure and they will never use it again. And tell other admins that it's not secure and the other ones will never try it. Sad, but it may become true.

-----------------------------------------------------------------
SMS известяване за получено писмо - http://promo.abv.bg/new_sms.html

        -- 
        Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html