>> Yes, but your mod_python programs still run with the privileges of the >> Apache process, as are all the other mod_python programs. This means that >> my mod_python program can (at least) read files belonging to you - >> including your config file holding your database password.... > > I think a standard solution to this is to > associate each virtual host server to a > different port and have the main apache > redirect to the port. Inetd makes sure > that the vserver apache instance only > stays alive while it's needed. It might be > complicated to set up, but it works. > Again, something like this is probably > advisable anyway to limit the ways one > vserver can damage another generally > speaking.
Starting a new Apache process with python included (trough mod_python) is even worse than CGI. But it seems AppArmor supports secureing mod_python (and mod_php and mod_perl) with a special Apache module (and the AppArmor support in the Linux kernel - yes this is Linux only). http://developer.novell.com/wiki/index.php/Apparmor_FAQ#How_do_AppArmor_and_SELinux_compare_with_regard_to_webserver_protection.3F Now that it's GPL AppArmor seems to get a lot of supporters. -- damjan -- http://mail.python.org/mailman/listinfo/python-list
