MoveableType migration
Jun 20 2002
Having finally worked around my previous concerns about low security, I gave into temptation and migrated some of my stuff to MovableType. In the long run it makes more sense, since KOW (my homegrown system) is much like MT without a decent interface, and well, a decent interface was the reason that I started on KOW anyway. Unfortunately, the first time I looked at MT I was turned away by two issues:
1 The publishing engine is inside the CGI interface requiring a chmod 0777 on all managed pages.
2 The comments engine dynamically rewrites pages in the web directories. This means that it is possible that when a user posts a comment, php (if you use php) pages are written into your web directories. That's a situation that makes web server administrators go “bang splat“. Plus, the links to the comments cgi script gives away the location of these all powerful scripts.
2 The comments engine dynamically rewrites pages in the web directories. This means that it is possible that when a user posts a comment, php (if you use php) pages are written into your web directories. That's a situation that makes web server administrators go “bang splat“. Plus, the links to the comments cgi script gives away the location of these all powerful scripts.
Now for some, especially those who come from a windows background, those two issues seem like excessive paranoia. However, consider a situation which is probably more likely that one would like to think. Imagine that a few months down the road a security hole is discovered in one of the cgi scripts that are packaged inside of MT. (And by the way, before Microsoft learned what unchecked buffers are, CGI holes ranked #1 in the exploited security holes category.) If you also consider that an MT directory is easily identifiable by searching for references to mt-comments.cgi inside of managed pages, it seems likely that such a hole would be quickly exploited en mass by web-crawling worms. And the fact that all the directories are writable to the web server's uid means that the worm will be much more likely to acquire privileges on the server that would make a sysadmin shutter.
So, before I could rely on MT for my content management and consequently make my life easier by setting KOW aside, I had to address these issues. The simpler of the two to solve was the chmod 0777 issues, which only required putting MT through an suexec wrapper, so that it ran as a user other than the web server and therefore published pages so that they are non-writable by the default web server uid. The downside is that by solving issue #1 in this way, I actually made issue #2 worse, since references to mt-comments.cgi now gives away the location of a set of cgi scripts that run as another (possibly more privileged) user. So on the second issue I punted and pulled out my commenting system from KOW. The user interface isn't near as elegant as the MT system, but at least my comments don't open me up to getting “r00t'd” by some script kiddie to show his Star Trek loving friends that he's “l33t”.
My next order of business is to get inside of MT's database files so that I can regain all the power I had when my postings were sitting inside a database server. In the long run I think it will be more rewarding tweaking MT than duplicating it. And, by the way, don't let the above criticism mislead you, MovableType is an absolutely incredible content management system (or personal publishing system, as they call it).