Webmin-alike cgi script and security

Andreas Kostyrka andreas at kostyrka.priv.at
Sat Jul 27 16:11:10 EDT 2002


On Mon, 2002-07-22 at 16:13, Dave Swegen wrote:
> On Mon, Jul 22, 2002 at 06:08:26PM +0400, Denis S. Otkidach wrote:
> > Adding webserver default user to sudoers is a bad thing anyway.
> > It's better to use suexec with unique user, that will be used for
> > this script only.
> 
> Thanks, this is exactly the sort of info I'm looking for.
Also, depending on whether "local-attackers" are a likely scenario, you might
think about using marshal:
+ does not execute code upon load
- loads code objects
- supports only basic data structures. Experience shows that for this
kind of thing a marshaled dictionary is usually ok.

You should also consider whether the file-based approach is best.
For example AF_UNIX sockets support authentication.
You could also pipe the data into the sudo process, and read the answer
back from it.

Should you go with the file based approach, you should check:
-) that the file is only writeable and readable by the "webuser".
   (or somebody else might be tricking us into doing the wrong thing.)
-) that the file is in a directory only writeable by the "webuser".
   (again, somebody might fool us with a symlink)

Basically be as paranoid as you can be. 

Andreas
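
The file and directory checks from the message above, together with its caveat that marshal loads code objects, as an added example that is not part of the original post. The names `load_request`, `UnsafeRequestFile` and `web_uid`, and the size limit, are assumptions of this example.

```python
import marshal
import os
import stat


class UnsafeRequestFile(Exception):
    """Raised when the request file or its directory fails a check."""


def load_request(path, web_uid, max_size=65536):
    """Load a marshaled dict from path after ownership/permission checks.

    web_uid is the uid of the dedicated "webuser" (assumption of this
    example: the privileged side knows that uid).
    """
    directory = os.path.dirname(os.path.abspath(path))
    dst = os.lstat(directory)  # lstat: the directory itself must not be a symlink
    if not stat.S_ISDIR(dst.st_mode) or dst.st_uid != web_uid:
        raise UnsafeRequestFile("directory not owned by webuser")
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeRequestFile("directory writable by group or others")
    try:
        # O_NOFOLLOW refuses a symlink as the final path component.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRequestFile("cannot open safely: %s" % exc)
    with os.fdopen(fd, "rb") as fh:
        # fstat the open descriptor so the checks apply to the file we read.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_uid != web_uid:
            raise UnsafeRequestFile("not a regular file owned by webuser")
        if st.st_mode & 0o077:
            raise UnsafeRequestFile("file accessible by group or others")
        if st.st_size > max_size:
            raise UnsafeRequestFile("file too large")
        try:
            data = marshal.loads(fh.read(max_size))
        except (ValueError, EOFError, TypeError) as exc:
            raise UnsafeRequestFile("not valid marshal data: %s" % exc)
    # marshal can load code objects, so accept only a flat dict of basic types.
    if not isinstance(data, dict):
        raise UnsafeRequestFile("payload is not a dictionary")
    basic = (str, int, float, bool, type(None))
    for key, value in data.items():
        if not isinstance(key, str) or not isinstance(value, basic):
            raise UnsafeRequestFile("unexpected type in payload")
    return data
```
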




