Re: hardening window against NewsBruiser

From: Owen Taylor <otaylor redhat com>
To: Jeff Waugh <jdub perkypants org>
Cc: gnome-sysadmin gnome org, gnome-infrastructure gnome org
Subject: Re: hardening window against NewsBruiser
Date: Thu, 08 Dec 2005 17:49:31 -0500

On Fri, 2005-12-09 at 09:37 +1100, Jeff Waugh wrote:
> <quote who="Owen Taylor">
> 
> > If someone wants to investigate further, what I'd suggest is:
> > 
> >  - Do it on a different machine, not on gnome.org (though if it is
> >    old-Apache buginess, that could be a problem for reproduction.)
> > 
> >  - Write a simple Python cgi that a) logs when it is called b)
> >    returns a small amount of data with content type and content
> >    length.
> > 
> >  - Try to get it's results cached via the memory cache.
> 
> Different tack: Patch NB to serve public attachments statically, avoiding
> the whole issue. At that point, you won't even need the memory cache (in
> most cases) because Apache will be doing the work for you.

I assume what you mean here is have NB put out URLs pointing to
attachments that can be served statically. You might actually be
able to do it with mod_rewrite ... the cases I hand-did were:

/attachment/alexl/2005/12/07/0/search0.png 
/var/www/blogs.gnome.org/NewsBruiserData/alexl/attachments/2005/12/07-0/search0.png

So, A) if it's always like that and B) if there are no access controls
going on inside NB, then it should be manageable with mod_rewrite.

Regards,
						Owen

Follow-Ups:
- Re: hardening window against NewsBruiser
  - From: Jeff Waugh
- Re: hardening window against NewsBruiser
  - From: James Henstridge

References:
- hardening window against NewsBruiser
  - From: Kurt von Finck
- Re: hardening window against NewsBruiser
  - From: Owen Taylor
- Re: hardening window against NewsBruiser
  - From: Jeff Waugh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]