Date: Wed, 10 Mar 2004 14:53:44 +0000 From: Peter Risdon <peter@circlesquared.com> To: Bjorn Eikeland <bjorn@eikeland.info> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: web based configuration as root or equivalent Message-ID: <404F2BF8.4020602@circlesquared.com> In-Reply-To: <opr3z3arb8omdbx5@localhost> References: <opr2ejvb1oomdbx5@localhost> <403E72C9.5010103@daleco.biz> <opr3z3arb8omdbx5@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a bit belated, but I have been thinking along similar lines and hope this might be of assistance... Bjorn Eikeland wrote: > På Thu, 26 Feb 2004 16:27:21 -0600, skrev Kevin D. Kinsey, DaleCo, > S.P. <kdk@daleco.biz>: > >> Bjorn Eikeland wrote: >> >>> I'm wanting to make a web based configuration tool for my wireless >>> routers >>> (setting up freebsd boxes to make a outdoor wlan) - ofcourse I can >>> use ssh >>> and webmin, but the configuration should be made even easier for less >>> technical users. >>> >>> I've read the how to use Webmin with apache, didnt quite folllow the >>> procedure, but bear with me.. >>> >>> chown scripts to root (chown -R root:root /var/www/cp) >>> chmod w/suid (chmod -R 755 /var/www/cp) >>> >>> add -U flag to perl line, what does this do? >> It lets perl run in Unsafe mode... man 1 perlrun says: -U allows Perl to do unsafe operations. Currently the only "unsafe" operations are the unlinking of directories while running as supe- ruser, and running setuid programs with fatal taint checks turned into warnings. Note that the -w switch (or the "$^W" variable) must be used along with this option to actually generate the taint-check warnings. I assume the relevant part of this with webmin is the bit about running setuid programs. >>> is there a php knob like this? >> Some people argue that php is pretty unsafe anyway. There is, as a consequence, the option of running php in safe mode, but I think this would prevent you from doing what you want to do here. Although some early holes have been closed, it might be the wrong language to use if you need to build a secure middleware application. Of running php scripts with root privileges, the php manual says: "A frequent security mistake made at this point is to allow apache root permissions, or to escalate apache's abilitites in some other way. Escalating the Apache user's permissions to root is extremely dangerous and may compromise the entire system, so sudo'ing, chroot'ing, or otherwise running as root should not be considered by those who are not security professionals." (http://www.php.net/manual/en/security.apache.php) I like php for web page generation, but am unhappy about giving a php script root privileges. My own solution is to write a script in perl (or even shell) that runs with root privileges and does the system reconfiguration, keep it well away from webspace, then have the php script execute it when appropriate. This is not a perfect solution, but at least it adds another layer. Where possible, I use php to set some configuration info and a flag either in a database or flat file, then cron the perl script, so updates are not immediate but the php script makes no direct call on anything that is setuid root. I also like to run this type of php script as cgi as opposed to mod_php so that: 1. It's in the (less accessible) cgi-bin and not the web document root. 2. It can run suexec (I normally work in multi-homed contexts and this way I can use ownership and permissions to hide it from all other users and to prevent them from executing it). If anyone wants to suggest any other security measures, I'd be all eyes. So an answer to your situation is that you could use php, and don't need to use an equivalent of perl's -U switch, but security issues need to be considered very carefully. PWR.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?404F2BF8.4020602>