Re: Secure Webmin

I have a daemon process that runs as root. It has plugins for various tasks. At this time, those tasks are things like checking disk quota, requesting a higher quota etc.. It listens to a local unix socket and accepts commands over that socket.

How do you prevent an unprivileged user (other than the web server) accessing that socket to gain root rights?

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Comment on Re: Secure Webmin

Replies are listed 'Best First'.
Re^2: Secure Webmin by pileofrogs (Priest) on May 29, 2009 at 22:11 UTC
My privileged daemon authenticates and validates just like any other server. It could be open on the internet and it would be OK. In practice, I have it listening on a unix socket, so only localhost can contact it, and I have the permissions restricted so only the web front-end can talk to it. The web front end is a Catalyst app running fast-cgi as a daemon process which talks to apache over a socket. This lets me run the web proces as yet another user, different from the web server user.	[reply]
Re^3: Secure Webmin by SwellJoe (Scribe) on May 30, 2009 at 11:16 UTC
How do you handle the authentication details for the root daemon?	[reply]