Earl Hood wrote:
> Overwriting files can be avoided with the use of Unix permissions and
> ownership. I.e. The uid of the process(es) that run mhonarc should be
> different from the uids that own your .htaccess and other important

It is not easy to do because of our system architecture. The main script is
running as root for several "good" reasons. I could run mhonarc with
a user ID instead of the root ID, but it will avoid only the overwriting
problem; it will not prevent access to unauthorized files (by
unauthorized, I mean a file unreachable with http will be reachable
through mhonarc with the "header" or "footer" resource option: someone
may use it to include any file from any other web site in its ML

> Also, if using Apache, configure it to not allow option
> overrides, or restrict to a small subset of options, to prevent
> security holes from malicious users.

As far as I know, there is no problem on this part.

> You could also have mhonarc run in a chrooted environment so
> file access is restricted to a subset of your file system.

It is also feasible, and it should resolve all problems, but it will be
more difficult to do this than to check file access in mhonarc
(to be clear, I am not asking you to do it for me; I am willing
to do it, but I wanted to know if the problem has not already been
solved or if it makes sense). This is more difficult to solve for
a simple reason: we host around 150/200 K web sites (I do not know
the exact figure) and around 6 K ML. I have to avoid losing space
(in duplicating needed files for chroot) and CPU/network
resources (mounting/unmounting web site root directory in a
chrooted environment). I just cannot find a good solution.

Right now, I am thinking of adding an option "rootressource" which would
set the directory containing files defined in resource files.
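
One way the file-access check discussed in this message could work, as an added example that is not part of the original post and not MHonArc code. It is written in Python rather than MHonArc's Perl; `resolve_resource`, the directory layout and the file names are constructed for illustration, and `root` plays the role of the proposed "rootressource" directory.

```python
import os
import tempfile


def resolve_resource(root, name):
    """Return the real path of resource file `name` if it lies inside
    `root` (hypothetical stand-in for "rootressource"), else None."""
    real_root = os.path.realpath(root)
    # realpath() collapses ".." and follows symlinks, so the comparison
    # below is made on the file that would actually be read. An absolute
    # `name` replaces real_root in join() and is then rejected.
    candidate = os.path.realpath(os.path.join(real_root, name))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Build a constructed tree and report which names are accepted."""
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "site")
        os.mkdir(root)
        secret = os.path.join(top, "secret.txt")  # outside the root
        for path in (os.path.join(root, "header.html"), secret):
            with open(path, "w") as fh:
                fh.write("sample\n")
        # A symlink inside the root that points outside it.
        os.symlink(secret, os.path.join(root, "footer.html"))
        cases = {
            "plain file": "header.html",
            "dot-dot": "../secret.txt",
            "absolute": secret,
            "symlink out": "footer.html",
            "missing": "missing.html",
        }
        return {label: resolve_resource(root, name) is not None
                for label, name in cases.items()}


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:12} {'allowed' if allowed else 'refused'}")
```

The check and the later open are two separate steps, so a list owner who can rewrite the tree between them can still swap a file for a symlink; the check narrows what a resource option can name, it does not replace running under a non-root uid.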