On April 4, 2001 at 16:37, Francois Petillon wrote:
I am working for an ISP and we are planning to offer web
archives for our users mailing-lists. I began to setup
mhonarc to do this but I have a security problem. As I
would like to permit people to have their owns ressources
files, a few ressource element (ie all filenames) might
be used to access/erase other sites files (such as
.htaccess or .htpassword). I tried to search in archives
or web sites to find an similar problem but without any
success.
...
To the latest case, I have two possible ideas :
- filtering the user ressource file to remove "dangerous"
ressource elements
- adding an option to mhonarc to define a "ressource
directory" (the "user root" directory), if this option
is used, then all files name should be relative to this
directory ('..' would be then forbidden)
Overwriting files can be avoided with the use of Unix permissions and
ownership. I.e. The uid of the process(es) that run mhonarc should be
different from the uids that own your .htaccess and other important
files. Also, if using Apache, configure it to not allow option
overrides, or restrict to a small subset of options, to prevent
security holes from malicious users.
You could also have mhonarc run in a chrooted environment so
file access is restricted to a subset of your file system.
Another option is to provide a custom front-end for mhonarc resource
configuration that only allows customization of a subset of mhonarc
resources. This may be beneficial if the archives must at least
follow some kind of style for your website.
--ewh
