[development] RFC: letting modules phone home to check for new releases
Bèr Kessels
ber at webschuur.com
Thu Nov 23 12:41:41 UTC 2006
Op donderdag 23 november 2006 03:33, schreef Larry Garfield:
> Although, there are web control panels for the system itself, like webmin.
> I'm not entirely sure how they do their thing. That may be something to
> look into, but I still expect that any shared web host worth the money is
> going to not allow a normal user to run anything like that, on principle.
Webmin has its own webserver compiled, running on a different port. This
server runs with root(alike) permissions. When someone compromises such a
tool, he/she can do anything from within a browser.
I have already played with another option, being a single instance of
lighthttp running as a different user under a different UID, with root
permissions. That lighthttp serves a single hardened Drupal site Once logged
in on that site, certain modules can speak for example to sympal scripts,
e.g. to install a new multisite. OR simply exectute exec() tasks on the
server, as root.
However, Drupal was/is not secure enough *IMHO* to handle such a critical
task. E.g. too much issues with XSS and so were released last year, to serve
such a critical task.
But the idea works: Drupal can be used as a vhost management tool.
NOTE: Webmin is not very secure either (see the long list of security issues
on their site), but its architecture allows for better security
configurations.
Bèr
--
Drupal, Ruby on Rails and Joomla! development: webschuur.com | Drupal hosting:
sympal.nl
More information about the development
mailing list