[development] RFC: letting modules phone home to check for new releases

Darrel O'Pry dopry at thing.net
Mon Nov 27 14:48:32 UTC 2006


On Thu, 2006-11-23 at 03:11 +0100, Steven Wittens wrote:
> > Therefore, you either need to temporarily give apache write access  
> > to code
> > files (which you can't do from within a web app running in apache,  
> > obviously)
> > or run the upgrade as a user that already has write access to them.
> 
> Are we sure that you can't change the owner of the current process  
> through Apache? We can execute arbitrary shell commands, if needed.  
> The ideal solution could then be a script that can be invoked both  
> from the web and from the command-line.
> 
> Through the browser, it would ask for your local username/password,  
> and then perform the upgrade tasks (only from a very limited set of  
> commands, e.g. unpacking module files and copying them into the right  
> dir). From the command-line, it would just assume the current user is  
> the right one already.
> 
> Steven Wittens

A well written & setuid script would do the job.  You can call it
through system or exec I believe. There are many applications that use
this technique. The first that come to mind or qmail and majordomo.  I
believe windows even supports a run as user option for its files. 

Something to keep in mind about such a script is it should in no way
receive input from the browser. It should only be triggered, and should
still be paranoid about its config files... aka they're still owned by
the proper non-apache uid, don't contain any sort of exploit like
code...

At the end of the day I'm more concerned about other websites on shared
servers and partitioning risk between multiple sites on the same server.
As it is any code injection bugs in drupal could me a lost db, and the
real value of most websites is what's in the database.

.darrel.



More information about the development mailing list