
Re: can perl with sudo be 'secure enough'?

by jhourcle (Prior)
on May 18, 2005 at 11:57 UTC

in reply to can perl with sudo be 'secure enough'?

is there some more elegant way to let CGI-scripts somehow do administrative work on a machine?

I've used a few different methods.

If the response of the process isn't immediately important, you can have the CGI process write out a file, that a root owned process will check for, and complete the processing. The directory permissions were such that only the script in question could write to it. (I was using CGIwrap, as it was a netscape server)

If the process had to be run as root, just to modify files, I have set up the server to have abnormal permissions (using facls in Solaris, or just adjusting the files to g+w, and assigning the user to the relevant groups), so that the process didn't have to be run as root, but could be run as another special user that I created. (and again, was using CGIwrap, so I didn't have to give the permission to the user that the webserver was running as).

I've set up sudo to give users specific access, although I've never set it to be passwordless. I would think it would be okay, provided that you ensured that this was the only process that the user was allowed to run under sudo, and didn't do something like

nobody   ALL=(ALL) ALL

I'd probably still use CGIwrap (or suEXEC, if using Apache), so that I'm not giving permission to my entire webserver... but I'm paranoid, from having worked on multi-user systems.

would something like that be 'secure enough'?

It's hard for us to make that judgement call. (Some folks would argue that the system isn't secure, because it's plugged into the network.) You would have to make the call if the benefits derived from this process are more significant than the potential risks from giving the webserver the ability to run it.

That's going to depend on just what it is that you're doing, and the company's value on it being done. (and the value if it were to stop working suddenly, or the whole webserver to stop working)

I also don't see any advantages to not taking any arguments -- if it's called from CGI, it gets input from environmental variables, not STDIN, so the process still may be subject to tainted input.
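As an added illustration, not part of jhourcle's reply or of any poster's setup: a sudoers fragment that puts the line warned against above beside a restricted, passwordless grant of the kind the reply describes (one user, one command, no arguments, environment reset). The user name cgiuser and the script path /usr/local/sbin/rotate-logs are assumptions; substitute the CGIwrap/suEXEC user and the real task script.

```sudoers
# Weak: the grant the reply warns against. Any process running as 'nobody',
# which on many setups is the whole webserver, may run any command as any user.
#
#   nobody   ALL=(ALL) ALL

# Restricted alternative (assumed names: 'cgiuser' is the dedicated user the
# CGI runs as under CGIwrap/suEXEC; /usr/local/sbin/rotate-logs is the one
# privileged task, owned by root and not writable by cgiuser).

# Start root's process from a scrubbed environment and refuse to let the caller
# inject variables, so CGI-supplied environment values never reach the script.
Defaults:cgiuser env_reset
Defaults:cgiuser !setenv

# One user, one target user, one command, and "" means: no arguments allowed.
cgiuser  ALL=(root) NOPASSWD: /usr/local/sbin/rotate-logs ""
```

Check the file with `visudo -c` before relying on it, and confirm the resulting grant with `sudo -l -U cgiuser` (run as root); the listing should show only the single command. The script itself must be owned by root and not writable by cgiuser or the group it belongs to, otherwise the restriction to one command is meaningless, and it should still read its own inputs from a fixed, validated location rather than trusting anything the CGI hands it.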
