Freeside installation problem

Ivan Kohler ivan at pouncequick.sisd.com
Fri Apr 17 03:36:59 PDT 1998


Sorry for the belated mail.

On Fri, 27 Mar 1998, Patrick Greenwell wrote:

> On Thu, 26 Mar 1998, Ivan Kohler wrote:
> 
> > > While I understand the basic desire behind UID.pm, I cannot find a
> > > particularly good reason to do all the UID/GID gyrations. Is there a
> > > compelling reason not to run an iteration of the server as user freeside
> > > with appropriate authentication? 
> > 
> > The "UID/GID gyrations" are done to run as an unprivileged user (whatever
> > your web server is running as: nobody or www-data) most of the time,
> > switching to the more dangerous freeside user only for specific
> > tasks.  
> 
> Again, I understand the desire behind UID.pm, I was just curious as to
> what "dangerous" things user freeside does, not having had a chance to
> look through the source.

The freeside user, in the most automated of installations, can ssh as root
to several machines without a password (for example, to a shell machine in
order to update the passwd and shadow files).  Of course this has to be
explicitly set up.

The freeside user can read and modify your customer data, including names,
addresses, and credit card numbers.

So in UID.pm and in the CGIs which use FS::UID, I only swap to the
freeside user when absolutely required, to update the database.  The
upshot is that there is a smaller section of code which ever runs as the
freeside user, and another "layer" of security should there be a problem
with something outside that layer, like one of the Perl modules or the web
server. 

> > suExec in apache appears to provide similar functionality, though I don't
> > know if it leaves the ruid as nobody.  
> 
> suexec will refuse to work on an already setuid/setgid program.

If you're using suexec, presumably you wouldn't make the programs setuid.

> > It seems safer than running the server as the freeside user.
> 
> Well, as it does not operate on setuid/setgid programs it would leave the
> ruid/euid as "freeside" throughout the whole script, defeating the
> purpose of UID.pm, correct?
>
> So, back to square one. :-)

Not quite square one; at least the web server itself isn't running as the
freeside user.

Another suggestion is to use wrapsuid from the perl distribution (in
examples/).  I'm not sure if it leaves the ruid correctly - if it does, it
would be the ideal solution for people having setuid script problems.

-- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/
Simulation.  Do not drive in the ocean.
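
The uid swap discussed in this message, as an added Perl example (not FS::UID's own code and not part of the original message). It assumes the process starts with the web server user as real uid and the privileged account as effective uid; `swap_uid`, `as_privileged` and `update_database` are hypothetical names, and only the uid (not the gid) is handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the process starts with real uid ($<) = web server user and
# effective uid ($>) = the privileged account (e.g. via a setuid wrapper).
# Run as an ordinary user, both are equal and every swap is a no-op.

# Exchange real and effective uid in one step and verify the result.
sub swap_uid {
    my ($real, $eff) = ($<, $>);
    ($<, $>) = ($eff, $real);
    die "uid swap failed: $!\n" unless $< == $eff && $> == $real;
}

# Run one block with the privileged euid, then drop back even if it dies.
sub as_privileged (&) {
    my ($code) = @_;
    swap_uid();                          # euid becomes the privileged account
    my @result = eval { $code->() };
    my $err = $@;
    swap_uid();                          # euid returns to the web server user
    die $err if $err;
    return @result;
}

# Hypothetical stand-in for the database update; it only reports its euid.
sub update_database {
    my ($record) = @_;
    return sprintf "updated '%s' with euid %d", $record, $>;
}

swap_uid();    # drop first: everything below runs as the web server user
printf "parsing request with euid %d\n", $>;

# Constructed sample input; only this block runs with the privileged euid.
my ($status) = as_privileged { update_database('constructed sample record') };
print "$status\n";

printf "rendering response with euid %d\n", $>;
```

Because the privileged uid stays in the real-uid slot, any code in the process can swap back; the swap narrows which code normally runs privileged rather than forming a hard boundary.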
