Re: New module proposal: gnome-user-share

[David Zeuthen <david fubar dk>]

On Fri, 2008-10-24 at 15:16 +0200, Josselin Mouette wrote:
> I also think that Apache is a bad choice. If you need a good web server
> with DAV support, please think of lighttpd instead, or - much better -
> of a libsoup-based implementation.

There's also security issues to consider. 

One good thing about using Apache is the fact that there's a huge
dedicated security team in place for both reviewing and dealing with
vulnerabilities in highly predictable ways. Also, the distributors of
Apache typically provide good response time on integrating these fixes
just because Apache is so ubiquitous and people use it for traditional
HTTP duties on port 80.

Especially on distributions not using something like SELinux this is a
problem. Remember that with Mandatory Access Control (which e.g. SELinux
provides), you can confine the web server process spawned by g-u-s to
only access ~/Public. Without something like this (and too many people,
yours truly included, runs SELinux in permissive mode)... if there's a
vulnerability in the server used by gnome-user-share... then you're
effectively serving all the files that the user has access to (e.g.
$HOME including passwords stored in cleartext by Firefox (the default).
Result: Game over man!

All thismeans that it's very important that we use the most secure web
server we can get for gnome-user-share.

As I said, it's clear to me that Apache does meet our goals here. If you
want to propose something else, the burden is on you to provide evidence
that what you propose is not only reasonably secure, but also have good
processes in place for dealing with vulnerabilities.

(FWIW, I don't mean to belittle libsoup-as-a-server (my understanding is
that libsoup is mostly used as a client so that's where the focus is) or
the lighttpd teams. To be honest, I haven't looked at their security
track record security. I doubt most people in this thread have.)

      David