[lug] Fun with Apache

rm at fabula.de rm at fabula.de
Wed Nov 17 12:40:46 MST 2004

On Wed, Nov 17, 2004 at 08:55:10AM -0700, Matt Thompson wrote:
> Sorry, nothing about devels v. contractors, but a simple Apache
> question!
> In FC3 we have Seth's new yum, along with generate-rss.  Now, I'd like
> to use this to serve an XML from my main Linux box and read it using
> Bloglines.
> This box has Apache serving just squirrelmail (as an IMAP link) and
> Subversion.  So, everything I've ever done with was secured via other's
> instructions.
> Having said that, I'm hoping you can tell me what kind of holes I will
> put in my box using this script in a cron job:
> #!/bin/bash
> yum check-update
> yum --rss-filename=/var/www/html/yum-rss.xml generate-rss updates
> chown apache.apache /var/www/html/yum-rss.xml
> Of course, this is just a rough simple script from an F95 man that will
> probably kill PID 1 given a chance.  What do the BLUG gurus say on the
> matter of security (or script design).

IANAG but i tend _not_ to give my data to the user the webserver is
running as. The server only ever needs read permissions to server
the data (unless we're talking about mod_dav, but that's a different
story). If you chown instead of chmod then, in case of an apache break
in, your data can be compromised. 

 Just my 0.02 $
     Ralf Mattes
> -- 
> Learning just means you were wrong and they were right. - Aram
>    Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
>    440 UCB, Boulder, CO  80309-0440
>    JILA A510, 303-492-4662

> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list