Description: Phusion Passenger (mod_rails)
Homepage: http://www.modrails.com/
Clone URL: git://github.com/FooBarWidget/passenger.git
Update documentation
Hongli Lai (Phusion) (author)
Tue Mar 11 12:22:41 -0700 2008
commit  2805c069a9914c9cc91dfb2d8e3c1a6b08ee2f24
tree    7b8f4262e4a39afafd2025da0ba03e64474c973c
parent  d2e2c6e5aa1c7ef9f62395e62b680d6757205238
@@ -1,23 +1,18 @@
 Security of user switching support in Passenger
 ===============================================
 
-
-Introduction and problem description
-------------------------------------
-Passenger is an Apache module for Ruby on Rails support. When a URL of a Rails
-application is accessed, Passenger will be responsible for forwarding the HTTP
-request to the Rails application. Passenger does not run Rails applications
-directly in the Apache process. Instead, it launches Rails application servers.
-That is, Rails applications will be running as external processes. If a Rails
-application crashes, it will not affect Passenger.
-
-However, Rails application servers will be run in the same user context as
-Apache itself. On server machines which host multiple websites for multiple
-users, this may not be desired. All Rails applications launched by Passenger
-will be able to read and write to all directories that the web server can.
-So the Rails applications could, for example, read other peoples' database
-passwords, delete other peoples' files, or mess with the web server logs.
-This problem also typically plagues web hosts that host PHP via mod_php.
+Problem description
+-------------------
+TIP: It is strongly recommended that you first read our
+link:Architectural%20overview.html[Architectural Overview].
+
+A straightforward implementation of Passenger will spawn Rails applications in
+the same user context as Apache itself. On server machines which host multiple
+websites for multiple users, this may not be desired. All Rails applications
+spawned by Passenger will be able to read and write to all directories that the
+web server can. So for example, Joe's Rails applications could read Jane's
+Rails application's 'database.yml' or delete her application files. This is
+also a problem that typically plagues PHP web hosts.
 
 There are multiple ways to solve this problem. The goal of this document is to
 inform the reader about the solutions have we have analyzed, so that
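Review bot: The added opening sentence, "A straightforward implementation of Passenger will spawn Rails applications in the same user context as Apache itself", reads as a hypothetical, so a reader cannot tell whether it describes what Passenger does when user switching is not in effect; the removed text stated plainly that application servers "will be run in the same user context as Apache itself". Suggest naming the condition under which the exposure applies. The rewrite also drops the web server logs from the list of exposed resources, which is worth keeping because log tampering is a different impact from reading 'database.yml' or deleting application files. The unchanged context line "the solutions have we have analyzed" still carries a typo that this documentation pass could fix.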
@@ -60,8 +55,10 @@ Since Passenger has access to the control process, in the typical Apache setup,
 Passenger can already launch Rails applications as a different user. But now we
 have to ask this question:
 
- If Apache is not running as root, are there still any Passenger users who
- want to run Rails applications as different users?
+=================================
+If Apache is not running as root, are there still any Passenger users who
+want to run Rails applications as different users?
+=================================
 
 If the answer is yes, then we cannot use this method.
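Review bot: The two added delimiter lines of 33 "=" characters around the question look like the "=" underline used for the document title at the top of this file; the short "====" delimiter form would mark the block without resembling a title underline. The change also removes the one-space indent the question had before, so the rendered output should be checked to confirm the question is still visibly set off from the sentence "If the answer is yes, then we cannot use this method." that depends on it.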
 
@@ -185,8 +182,9 @@ we have chosen to implement the <<apache_root,Running Apache as root>>
 solution, until a significant number of users request us to implement the
 <<setuid_root,setuid root wrapper>> solution.
 
-See the Ruby API documentation for the 'ApplicationSpawner' class for
-implementation details. In short: it will switch to the owner of the file
+Please read link:rdoc/index.html[the Ruby API documentation] -- in particular
+that of the 'ApplicationSpawner' class -- for implementation details. But to
+make a long story short: it will switch to the owner of the file
 'config/environment.rb'. User whitelisting/blacklisting is currently not
 implemented. We rely on the system administrator to set the correct owner
 on that file.
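Review bot: The reworded sentence in the added lines still stops at "it will switch to the owner of the file 'config/environment.rb'" without saying what happens when that file is owned by root, and the context lines that follow state that whitelisting/blacklisting is not implemented. Because this section selects the "Running Apache as root" solution, the document should say whether a root-owned 'config/environment.rb' results in the application running as root or is refused, and should tell administrators to verify the file's owner before deploying. The new link also points at 'rdoc/index.html' rather than at the 'ApplicationSpawner' page the sentence names, so a direct link would save the reader a search.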
@@ -35,6 +35,18 @@ Passenger has been tested on:
 - MacOS X Tiger
 - MacOS X Leopard
 
+==== GNU Compiler Collection with C++ support ====
+
+The GNU Compiler Collection (GCC) must be installed, including $$C++$$ support
+(`$$g++$$`). You can check whether `$$g++$$` is installed by running the following
+command:
+----------
+g++ -v
+----------
+
+On most operating systems, `$$g++$$` is installed by default. If you're on MacOS X,
+then you will have to install Apple Developer Tools.
+
 ==== Apache with development headers ====
 
 Passenger requires Apache 2.x. Apache 1.x is not supported at the moment.
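Review bot: The added sentence "On most operating systems, `$$g++$$` is installed by default" is too broad for a requirements section, because a reader on one of the systems under "Passenger has been tested on" who lacks g++ is given no package name to install; only MacOS X gets a remedy. Suggest stating what a successful "g++ -v" run looks like (version output rather than a command-not-found error) and naming the package or tool to install on each tested platform. If Passenger needs a minimum GCC version, this section is the place to state it.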
