[development] RFC: letting modules phone home to check for new releases

Bèr Kessels ber at webschuur.com
Thu Nov 23 12:41:41 UTC 2006

Op donderdag 23 november 2006 03:33, schreef Larry Garfield:
> Although, there are web control panels for the system itself, like webmin.
>   I'm not entirely sure how they do their thing.  That may be something to
> look into, but I still expect that any shared web host worth the money is
> going to not allow a normal user to run anything like that, on principle.

Webmin has its own webserver compiled, running on a different port. This 
server runs with root(alike) permissions. When someone compromises such a 
tool, he/she can do anything from within a browser.

I have already played with another option, being a single instance of 
lighthttp running as a different user under a different UID, with root 
permissions. That lighthttp serves a single hardened Drupal site Once logged 
in on that site, certain modules can speak for example to sympal scripts, 
e.g. to install a new multisite. OR simply exectute exec() tasks on the 
server, as root. 
However, Drupal was/is not secure enough *IMHO* to handle such a critical 
task. E.g. too much issues with XSS and so were released last year, to serve 
such a critical task. 
But the idea works: Drupal can be used as a vhost management tool.

NOTE: Webmin is not very secure either (see the long list of security issues 
on their site), but its architecture allows for better security 


Drupal, Ruby on Rails and Joomla! development: webschuur.com | Drupal hosting: 

More information about the development mailing list