[ic] mod_interchange and socket permissions
Kevin Walsh
kevin at cursor.biz
Sat Sep 27 16:55:15 EDT 2003
Kaare Rasmussen [kar at kakidata.dk] wrote:
> >
> > Kaare, search for the directive SocketPerms
> >
> I've already looked at this setting. Sorry I forgot to tell about it.
>
> >
> > Temporarily set permissions at restart:
> > interchange -r SocketPerms=666
> >
> This is more unsecure than should be necessary. I'd like it to be only the
> specific user and group that are allowed access to the socket.
>
You could add the Apache user into Interchange's group (/etc/group)
and set the following in your Interchange.cfg file:

    SocketPerms 0660

What's wrong with 0666 anyway? I consider that to be more secure
than allowing the Apache user to monkey around in Interchange's group.

You could consider switching to INET-mode, which doesn't rely upon
file permissions at all. For local users, I don't see the difference
(security-wise) between INET-mode and UNIX-mode with SocketPerms=0666.

If anyone reports an actual, potential or even theoretical security
exploit, in any part of the Interchange core, then it will be looked
into.

--
Kevin Walsh
kevin at cursor.biz
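
Added example, not part of the original message and not Interchange code: a small Python audit that compares the two settings discussed in this thread (0660 with the web server user in the socket's group, and 0666) by checking who may connect to a UNIX socket file. It assumes Linux semantics, where connect() needs write permission on the socket file, and ignores ACLs and parent-directory permissions; the uid/gid values and the temporary socket path are constructed for the demonstration.

```python
import os
import socket
import stat
import tempfile

def may_connect(st, uid, gids):
    """Classic owner/group/other check for write access to the socket file."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_socket(path, web_uid, web_gids):
    """Report the socket mode and who can reach it."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": oct(mode),
        "web_user_can_connect": may_connect(st, web_uid, web_gids),
        "any_local_user_can_connect": bool(mode & stat.S_IWOTH),
    }

def demo():
    """Create a throwaway socket and audit it under 0660 and 0666."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "socket")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        st = os.stat(path)
        web_uid = st.st_uid + 1  # constructed: a non-owner, non-root uid
        for perms in (0o660, 0o666):
            os.chmod(path, perms)
            results[perms] = {
                # web server user added to the socket's group
                "in_group": audit_socket(path, web_uid, {st.st_gid}),
                # web server user left outside that group
                "not_in_group": audit_socket(path, web_uid, {st.st_gid + 1}),
            }
        srv.close()
    return results

if __name__ == "__main__":
    for perms, report in demo().items():
        print(oct(perms), report)
```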