Copterfly / modwsgi

Automatically exported from code.google.com/p/modwsgi

Verify script permissions etc against daemon process owner. #96

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Add an optionally enabled feature whereby a WSGI script file would only be accepted and used when certain conditions related to the WSGI script file are met. These conditions would include such things as:

1. The directory containing the script being owned by the user that the daemon process is running as.

2. The directory containing the script is not writable by any users besides that which the daemon process runs as.

3. The script file is owned by the user that the daemon process is running as and the script file is not writable by any other users.

4. The script file is not setuid or setgid.

The idea here is that, when using daemon mode with each daemon process group running as a different user, only scripts totally under the control of that user will be able to be used. This would limit the ability of other users to cause scripts to be executed in the context of another user's daemon process.

These conditions come from some of the checks that suEXEC performs. It is possible that there may be other checks that suEXEC does that could also be applied.

Original issue reported on code.google.com by Graham.Dumpleton@gmail.com on 9 Aug 2008 at 7:16

GoogleCodeExporter commented 9 years ago
The setuid and setgid checks aren't necessary as we aren't executing the script anyway.

Original comment by Graham.Dumpleton@gmail.com on 7 Sep 2008 at 5:06

GoogleCodeExporter commented 9 years ago
A more flexible idea may be to have the option be called 'script-owner'. This would effectively default to '*', which would mean don't care who owns the file and with no other checks.

If the option is set to a single user name/id, then the script file must be owned by that user. Plus, the directory must also be owned by that user and the directory must not be writable to group or others.

A slightly relaxed version would be to allow multiple user names/ids to be listed, separated by commas. In this case the script file must be owned by one of the listed users. There would be no checks on who is owner of the directory or whether the directory is writable by group or others.

The case of a single user would be like the suEXEC checks.

For the case of more than one user being listed, it is expected that group would have to be writable to allow the different users to add scripts to the directory. This option would be useful where applications run as a special user different to all the people who work on the application, yet the users still need to be able to change the scripts.

Original comment by Graham.Dumpleton@gmail.com on 13 Jan 2009 at 10:26

GoogleCodeExporter commented 9 years ago
Support for script-user and script-group options committed in various updates ending with r1167.

For script-user, there must be one user listed. That user must be the owner of the script and the directory the script is in. The script file and directory must not be writable to group or world.

For script-group, there must be one group listed. That group must match the group of the script and the directory the script is in. The script file and directory must not be writable to world.

Original comment by Graham.Dumpleton@gmail.com on 27 Jan 2009 at 1:24
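
The script-user and script-group conditions described in the comment above, written as a stand-alone audit script for checking a deployment. This is an added example, not mod_wsgi's own code; the function names and the use of `os.stat` (which follows symlinks) are assumptions.

```python
import os
import stat
import sys
from pathlib import Path


def _violations(script, field, expected, forbidden):
    """Check a script and its directory against one ownership rule.

    field     -- "st_uid" or "st_gid": the stat field that must equal `expected`
    forbidden -- write bits that must be clear on both the file and the directory
    """
    script = Path(script)
    found = []
    for label, path in (("script", script), ("directory", script.parent)):
        st = os.stat(path)  # assumption: symlinks are followed, as with stat(2)
        actual = getattr(st, field)
        if actual != expected:
            found.append(f"{label} {path}: {field}={actual}, expected {expected}")
        if st.st_mode & forbidden:
            found.append(f"{label} {path}: mode {stat.S_IMODE(st.st_mode):04o} "
                         "grants write access beyond what the rule allows")
    return found


def check_script_user(script, uid):
    # script-user: the user owns the script and its directory,
    # and neither is writable by group or world.
    return _violations(script, "st_uid", uid, stat.S_IWGRP | stat.S_IWOTH)


def check_script_group(script, gid):
    # script-group: the group matches on the script and its directory,
    # and neither is writable by world (group write is permitted).
    return _violations(script, "st_gid", gid, stat.S_IWOTH)


if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python audit_wsgi.py /path/to/app.wsgi
    # Audits the script against the user running this command.
    for problem in check_script_user(sys.argv[1], os.getuid()):
        print(problem)
```

An empty list means the script satisfies the rule; each string in a non-empty list names one failed condition.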

GoogleCodeExporter commented 9 years ago
Version 3.0 of mod_wsgi now released with these changes.

Original comment by Graham.Dumpleton@gmail.com on 22 Nov 2009 at 2:55