Description

Since version 1.5.5 MoinMoin will set the process umask during the initial import of the request.py module. When running on top of mod_python this is an unsafe operation, as it affects any other Apache module or handler, or even other mod_python applications running within the same web server.

When MoinMoin is not running as its own standalone server, it must not exhibit any behavior which can affect other applications running within the same process. The os.umask() call is one such operation which must be avoided.

This bug was apparently introduced as an unforeseen side-effect of fixing another security/race condition bug: MoinMoinBugs/FilePermissionsSetTooLate

-- DeronMeranda 2006-11-14 08:11:04

Steps to reproduce

  1. Configure MoinMoin to run under a mod_python environment.
  2. Set up any other Apache module, even another mod_python application, to run within the same webserver, but with a different URL prefix mapping.
  3. Have that other module open or create files, and notice that the file permissions may differ from what is expected.

Details

MoinMoin Version

1.5.5, 1.5.6

OS and Version

Linux / Unix

Python Version

2.3.4 +

Server Setup

Apache + mod_python with a process-oriented MPM (such as worker)

Server Details

n/a

Language you are using the wiki in (set in the browser/UserPreferences)

en

Workaround

If this bug affects you (meaning you are running more than just MoinMoin in your Apache), then your immediate choices are to use a pre-1.5.5 version or to comment out the os.umask() call at the top of the MoinMoin/request.py file (thereby living with the other bug, a minor potential security flaw/race condition).

Discussion

When running under mod_python, applications are in effect sharing the same process (and/or thread) resources with other, potentially unrelated applications. An application must therefore be careful about changing process- or thread-global attributes, of which the process umask is one example.

Within mod_python some isolation can be provided by using the PythonInterpreter directive, which can (and should) be used to give MoinMoin its own private Python VM runtime, separate from other mod_python applications. However, this does not hide any operating-system level side-effects such as changes to process and thread resources.
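The process-global effect described above, as an added example that is not MoinMoin's code: one function changes the umask the way the report describes (the value 0o077 is an assumption, the page does not state which value request.py used), and a bystander function standing in for another handler in the same process then creates files with unexpected permissions. The contained alternative requests an explicit mode on open and fchmod()s the open descriptor before writing, so the file is private regardless of the current umask and no process-wide state is touched.

```python
import os
import shutil
import stat
import tempfile

def perm_bits(path):
    """Permission bits of path as an int, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def bystander_creates_file(path):
    """Another handler in the same process: plain open(), trusts its umask."""
    with open(path, "w") as fh:
        fh.write("log line\n")
    return perm_bits(path)

def create_with_global_umask(path, new_umask=0o077):  # 0o077 is an assumed value
    """The reported pattern: os.umask() alters process-wide state and leaves it so."""
    os.umask(new_umask)
    with open(path, "w") as fh:
        fh.write("data\n")
    return perm_bits(path)

def create_private_file(path, mode=0o600):
    """Contained alternative: explicit mode on open, fchmod on the open
    descriptor before any data is written. No process-global state is touched."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # undo whatever the current umask stripped
        os.write(fd, b"data\n")
    finally:
        os.close(fd)
    return perm_bits(path)

def demo():
    """Run both patterns in one process; report what the bystander sees."""
    saved = os.umask(0o022)  # known starting point; caller's mask restored at the end
    tmp = tempfile.mkdtemp()
    try:
        p = lambda name: os.path.join(tmp, name)
        before = bystander_creates_file(p("before"))
        create_with_global_umask(p("moin-global"))
        after_global = bystander_creates_file(p("after-global"))  # bystander now gets 0o600
        os.umask(0o022)  # reset so the second experiment starts clean
        private = create_private_file(p("moin-private"))
        after_private = bystander_creates_file(p("after-private"))  # bystander still 0o644
    finally:
        os.umask(saved)
        shutil.rmtree(tmp)
    return {"bystander_before": before, "bystander_after_global": after_global,
            "private": private, "bystander_after_private": after_private}
```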

Plan


CategoryMoinMoinNoBug

MoinMoin: MoinMoinBugs/ModPyProcessUmaskAffectsOtherApacheModules (last edited 2007-10-29 19:14:33 by localhost)