Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm running Apache server on my machine, and I am unable to execute command that need root privileges, in this case running a program that writes to the parallel port. The program runs fine from the terminal with sudo or when logged in as root.
When I run on the server echo exec('whoami'), I get "nobody". The server was started as root.
Is there any way I can solve this problem using sudo? I need to pass the password for sudo within the exec() command, inside a PHP page.
I need to pass the password for sudo within the exec() command, inside a PHP page
AFAIK not unless you set up a proper Sudo Cmnd_Alias (make sure you scrub everything for parameter abuse) and give it to the user as a NOPASSWD entry.
A possible solution, depending upon your system would be to give the required privileges to the nobody user.
E.g. adding the user "nobody" to the "lp" group, which will normally have write permission to the parallel port.
e.g.
First check if there are any other groups that nobody is currently part of using the groups command. If there are then add these to a comma separated list as well as the lp group (although no need to include the group nobody which should be the users default group). usermod -G lp nobody
Depending upon what your program is doing it may not be that simple, but can work for some purposes.
A similar technique is used to give normal users access to the floppy drive, which is normally handled by default by most distros.
If it works this is more secure than allowing a webserver to run commands as root.
Different solutions, pros/cons:
-> basic sudo
pros:fine grain on which user is able to execute which executable
cons: possbility to use this feature out of apache. Not really a cons as far as I can see, depends on how everything is done.
->suphp
From what I read on their website, you configure suphp to run one php script with the privilege of a choosen user.
pros:can do a chroot, has extensive checks.
cons:you bring the suphp suid binary (not your php script) on your machine. you can couple it with sudo for a certain user if you don't like having suid on your machine runnable by everyone. Also you have to audit the complete suphp mechanism compared to sudo which is very small/tested.
->nobody is put in lp group
pros:very easy to implement
cons:every process that you can control execution (by means of a vuln or a self-made binary sent to the server) running in user nobody will be able to print hundred of pages with "fuc* off" on your printer (nice idea)
->run apache as root
pros: "no security for now", very quick
cons: your machine will be severly compromised in case of a vulnerability.
That's a very quick answer. Discussion is opened..
Cheers
ps: I prefer the method of sudo from unspawn I think , with a chrooted apache
@Calltor: I don't care about security
...so it apparently makes sense we all do, and so should you. Coding something w/o regard for security is a recipe for disaster, security ain't no "add-on", besides with anyone using PHP I'm twice as suspicious.
@NX5000: good comparison, WD. I agree introducing "extra" setuid binaries ain't a good start if you can avoid it, and you make a good point about chrooting. I fear the real problem starts with interaction between parts: scrubbing user input (which should never be trusted) and restrict supplying parameters. Sudo can restrict which arguments are allowed, but the "app" in front should do all the work essentially.
Somehow I get the idea we're stuck with another hit 'n run who will never read this...
I've said "I don't care about security this time", and not " I don't care about security at all", and this is because the server is accessiable only in my LAN, and all it has to do is to control some parallel port device I made. I do care about security when there is some reason to
Run the program as normal user. It attempts to open /var/log/debug which is something that a normal user normally can't do. The first attempt will fail because we canceled 'our' special permission.
Next we re-assign it and the result will be ok.
Code:
wim@btd-techweb01:~/progs/lq452660$ ./lq452660
uid=1000
euid=1000
Could not open file
uid=1000
euid=0
File opened
Please note:
Never keep the special permissions in your program longer than required. So assign just before you do something and immediately revoke again. That's also why it was initially revoked (in the beginning of the program).
Last edited by Wim Sturkenboom; 06-09-2006 at 08:43 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.