In a message dated: Tue, 09 Oct 2001 20:50:12 EDT
John Tobey said:

>The way I would do this, and would not think of doing it any other
>way, is to put the main functionality into a module.  The command line
>program just parses the command line and uses the module interface.
>The CGI just validates the form input and uses the module interface.

That's pretty much the way I've done things.  I have been thinking 
about pulling more of the functionality out of the main program and 
putting it into a module (I've already modularized much of the 
original command line program).

>The only monkey wrench might be the root privilege you mentioned is
>necessary.

Well, I've been thinking about that too.  I'm thinking it'll be 
possible to make the command line script sgid, and open up the 
group privileges on the few files I need it to modify.  I don't know 
which is worse, opening up the group privileges or having a suid root
program running from apache.

> If your web server is not already root (and please do
>spend some months reading up on Unix and Web security if it is),

No, it's running as nobody or webserver, or something else relatively
innocuous.  Just to clarify, I'm well versed in basic sysadmin 
security practices, it's the secure programming practices I'm not 
fluent in, not having a tremendous amount of time to dedicate to 
actually writing code :)

>then you should have only one way to get root, and that will probably
>involve the command line.  I still might put it in a module, and have
>the module interact with the suid/sudo program, which would then be
>kept as dumb as possible.

sudo is a possibility, I hadn't really thought of that.  But let me 
ask this.  I'm assuming with sudo, I'd set the "user" up to only run 
the one command, and not require a password.  What's the difference 
between that and a suid root program running from apache?  Other than 
the fact that logging gets done by different/multiple entities and to 
different/multiple locations (i.e. sudo and apache to syslog and 
errors.log) I don't see much difference.  Well, I suppose with a sudo 
you have a finer grain of control over who runs the program than you 
do with a suid.  Hmmmm, not a bad idea.  Thanks!

(sorry for thinking out loud there :)
-- 

Seeya,
Paul
----

                          God Bless America!

        ...we don't need to be perfect to be the best around,
                and we never stop trying to be better. 
                       Tom Clancy, The Bear and The Dragon
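
The layout discussed in this thread (shared module, a privileged helper kept as dumb as possible, reached through a one-command passwordless sudo rule), sketched as an added example that is not code from either poster. The helper path, the action names, the name pattern and the sudoers line are assumptions made for illustration.

```python
import re
import subprocess

# Assumed names, not from the thread: helper path, action set, name pattern.
HELPER = "/usr/local/sbin/acct-helper"
ACTIONS = {"lock", "unlock"}
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")

# Matching sudoers rule (edit with visudo); the web user may run only this path:
#   webserver ALL=(root) NOPASSWD: /usr/local/sbin/acct-helper


def validate(action, name):
    """Return (action, name) if both pass the allow-list, else raise ValueError."""
    if action not in ACTIONS:
        raise ValueError("unknown action")
    # fullmatch rejects shell metacharacters, path separators, newlines and
    # a leading '-' that the helper could mistake for an option.
    if not isinstance(name, str) or NAME_RE.fullmatch(name) is None:
        raise ValueError("bad name")
    return action, name


def build_argv(action, name):
    """Module side: argv list for sudo; -n makes sudo fail instead of prompting."""
    action, name = validate(action, name)
    return ["sudo", "-n", HELPER, action, name]


def run_privileged(action, name):
    """Called by both the command line front end and the CGI; no shell is used."""
    return subprocess.run(build_argv(action, name), capture_output=True,
                          text=True, timeout=10, check=False)


def helper_parse(argv):
    """Helper side (runs as root): trust nothing from the caller, re-validate."""
    if len(argv) != 3:
        raise ValueError("usage: acct-helper ACTION NAME")
    return validate(argv[1], argv[2])
```

The helper repeats the module's validation because anyone allowed by the sudoers rule can invoke it directly, bypassing the module.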

