RE: [ic] mod_interchange and socket permissions


Kaare Rasmussen suppressed wrote:
> >
> > Kaare, search for the directive SocketPerms
> >
> I've already looked at this setting. Sorry I forgot to tell about it.
> 
> >
> > Temporarily set permissions at restart:
> > interchange -r SocketPerms=666
> >
> This is more unsecure than should be necessary. I'd like it to be only the
> specific user and group that are allowed access to the socket.
>
You could add the Apache user into Interchange's group (/etc/group)
and set the following in your Interchange.cfg file:

    SocketPerms 0660

What's wrong with 0666 anyway?  I consider that to be more secure
than allowing the Apache user to monkey around in Interchange's group.

You could consider switching to INET-mode, which doesn't rely upon
file permissions at all.  For local users, I don't see the difference
(security-wise) between INET-mode and UNIX-mode with SocketPerms=0666.

If anyone reports an actual, potential or even theoretical security
exploit, in any part of the Interchange core, then it will be looked
into.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    suppressed
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
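
The trade-off discussed in this message, between `SocketPerms 0660` with the web server added to the socket's group and `SocketPerms 0666`, can be checked on a live socket file. The following is an added example, not part of the original message or of Interchange: it binds a throwaway socket at a constructed path and reports which permission class admits a given account under each mode. The web-server uid and group ids are hypothetical values derived from the socket's owner; call `demo()` to see the four reports.

```python
import os
import socket
import stat
import tempfile


def connect_class(mode, owner_uid, owner_gid, uid, gids):
    """Permission class that lets `uid` connect to the socket, or None.

    Linux requires write permission on a pathname socket to connect(); some
    systems ignore socket file modes, so verify this on the target platform.
    """
    if uid == 0:
        return "root"
    # The kernel consults exactly one class: owner, else group, else other.
    if uid == owner_uid:
        return "owner" if mode & stat.S_IWUSR else None
    if owner_gid in gids:
        return "group" if mode & stat.S_IWGRP else None
    return "other" if mode & stat.S_IWOTH else None


def audit_socket(path, uid, gids):
    """Report the socket's mode, world-writability and how `uid` gets in."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": f"{mode:04o}",
        "world_writable": bool(mode & stat.S_IWOTH),
        "access": connect_class(mode, st.st_uid, st.st_gid, uid, gids),
    }


def demo():
    """Bind a throwaway socket and audit it under both modes from the thread."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "socket")  # constructed path, not Interchange's
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            st = os.stat(path)
            web_uid = st.st_uid + 1000  # hypothetical web-server uid
            member, outsider = {st.st_gid}, {st.st_gid + 1000}
            for mode in (0o660, 0o666):
                os.chmod(path, mode)
                results[mode, "member"] = audit_socket(path, web_uid, member)
                results[mode, "outsider"] = audit_socket(path, web_uid, outsider)
    return results
```

With 0660 only an account in the socket's group gets in; with 0666 every local account does, and `world_writable` flags that case for review.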

