++

Interesting post! I really don't know anything about webmin. I just know I've heard bad rumours, which could be totally unfounded, and then seeing that everything runs as root and yikes! Maybe I'm just scared of the big bad root wolf.

I didn't actually set out to make an alternative to webmin, I just started solving problems at work and over time an alternative webmin began to evolve. I've seen posts from people saying "I want an alternative to webmin" and I said to myself "Hey, I have one of those laying around here..."

How is my privileged server more secure than webmin's privileged server: Two reasons. First, it does less. Fewer lines of code running as root means fewer bugs that translate to root compromise. Second, by not handling HTML, HTTP etc.. etc.. and instead handling only a simplified restrictive RPC-ish protocol, the job of discriminating between legitimate input and illegitimate is much simpler. It doesn't have to be forgiving of users and web browsers like a web interface does.

And no, this doesn't solve the XSS problems at all. Maybe it just solves a PR problem.

I wonder how hard it would be to make webmin itself use privilege separation? If you followed the same idea as I have, you'd take out the web server code and replace it with RPC-of-choice code, JSON RPC, YAML, SOAP, whatever... Really simple stuff in practice. Then take the web code and build it into a separate non-root app that talks your RPC protocol with the privileged webmin bit. One of the drawbacks is you have to authenticate everything twice. Once in the web server and once in the privileged server. That doesn't bother me, but it might have repercussions I haven't thought of.

Does that sound totally crazy? I'll take a look at the webmin code and see if I can see a way to do that...

Updated: added "How is my privileged server more secure than webmin's privileged server" paragraph.

In reply to Re^2: Secure Webmin by pileofrogs
in thread Secure Webmin by pileofrogs

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.