[lug] Fun with Apache
rm at fabula.de
Wed Nov 17 12:40:46 MST 2004
On Wed, Nov 17, 2004 at 08:55:10AM -0700, Matt Thompson wrote:
> Sorry, nothing about devels v. contractors, but a simple Apache
> question!
>
> In FC3 we have Seth's new yum, along with generate-rss. Now, I'd like
> to use this to serve an XML from my main Linux box and read it using
> Bloglines.
>
> This box has Apache serving just squirrelmail (as an IMAP link) and
> Subversion. So, everything I've ever done with was secured via others'
> instructions.
>
> Having said that, I'm hoping you can tell me what kind of holes I will
> put in my box using this script in a cron job:
>
> #!/bin/bash
> yum check-update
> yum --rss-filename=/var/www/html/yum-rss.xml generate-rss updates
> chown apache.apache /var/www/html/yum-rss.xml
>
> Of course, this is just a rough simple script from an F95 man that will
> probably kill PID 1 given a chance. What do the BLUG gurus say on the
> matter of security (or script design)?

IANAG but I tend _not_ to give my data to the user the webserver is
running as. The server only ever needs read permissions to serve
the data (unless we're talking about mod_dav, but that's a different
story). If you chown instead of chmod then, in case of an apache
break-in, your data can be compromised.

Just my 0.02 $

Ralf Mattes

> --
> Learning just means you were wrong and they were right. - Aram
> Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
> 440 UCB, Boulder, CO 80309-0440
> JILA A510, 303-492-4662
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
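
The advice in the reply above, sketched as an added example that is not part of the original thread: the feed is built outside the docroot and published owner-unchanged with mode 0644, and a small audit lists anything the server account could modify. The function names, the FEED variable and the `--cron` switch are assumptions made for illustration; the yum invocations are the ones quoted in the question.

```bash
#!/bin/bash
# Added example (not from the thread). Assumed names: FEED, publish_readonly,
# server_writable, update_feed. The yum invocations are the ones quoted above.
FEED=/var/www/html/yum-rss.xml

# Copy SRC to DEST atomically with mode 0644. Ownership stays with the
# invoking user (root under cron), so the server account gets read access only.
publish_readonly() {
    local src="$1" dest="$2" tmp
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if cat "$src" > "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# List everything under DOCROOT that the server account could modify:
# entries it owns, entries writable through its group, or world-writable ones.
# USER and GROUP may be names or numeric IDs.
server_writable() {
    local docroot="$1" user="$2" group="$3"
    find "$docroot" ! -type l \
        \( -user "$user" -o \( -group "$group" -perm -0020 \) -o -perm -0002 \) -print
}

# Cron entry point: build the feed outside the docroot, then publish it.
update_feed() {
    local staging rc
    staging=$(mktemp /tmp/yum-rss.XXXXXX) || return 1
    yum check-update
    yum --rss-filename="$staging" generate-rss updates &&
        publish_readonly "$staging" "$FEED"
    rc=$?
    rm -f "$staging"
    return $rc
}

# Run from cron as: <this script> --cron
if [ "${1:-}" = "--cron" ]; then
    update_feed
    server_writable /var/www/html apache apache   # any output needs fixing
fi
```

Any path printed by `server_writable` is one an attacker running as the server account could alter; directories count too, since a writable directory lets files inside it be replaced.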