[freeside] Free Side Error

Ivan Kohler ivan at sisd.com
Sat Jul 17 04:40:41 PDT 1999


On Sat, Jul 17, 1999 at 02:13:14AM -0700, Mark Wells wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sat, 17 Jul 1999, Ivan Kohler wrote:
> 
> > > I didn't know you could suid the CGI scripts.  As far as I know, suid only
> > > affects the effective uid, not the real uid.
> > 
> > By definition, yes.
> 
> So to get checkruid to shut up and let you run the program, you have to do
> one of the following:

I don't put checks, especially ones which die, in the code just for the
hell of it.  You shouldn't lightly cause them to "shut up and let you run
the program" - they are alerting you that something is so seriously
misconfigured that it isn't worth doing anything except giving up with an
informative error message.

> 1.  Run your web server as 'freeside'.

This is what you do in mod_perl configurations, where Perl is linked with
Apache instead of being started as a separate process.

> 2.  Set your uid to equal your euid, with something like "$< = $>;".

I believe I pointed out the &swapuid subroutine of UID.pm earlier.  Do a
grep for swapuid over the distribution, then make sure you know what the
euid and ruid are supposed to be at each point in the code before you
blindly suggest people modify that.  Hint: Most of the time, the euid and
ruid are swapped from their original state. 

> 3.  Modify checkruid.

Again, the checks are there for a reason.

One option you didn't mention, but which is mentioned in
htdocs/docs/install.html, is suExec, which is distributed with
Apache.  Another option which I don't think is yet documented anywhere, is
wrapsuid, which is distributed with Perl.

> Right?
> 
> > > Whether this is safe is another issue.
> > 
> > Very true.  I was very careful to code Freeside securely, and Perl is a
> > _much_ better "elevated privileges" environment than C or shell.  There
> > have been no reports of security problems with Freeside to date.  However,
> > it is possible that I missed something.  Please let me know if you are
> > aware of any possible problems. 
> 
> I certainly haven't found any.
> 
> BTW, I think it's interesting that you're pretty sure Freeside itself is
> secure, and you *still* put in a mechanism to make it refuse to run as a
                  ^^^^^^^
> user other than freeside.

I don't understand what you're attempting to point out here.  The
mechanism to make sure it is running as the freeside user is so that it
can read configuration files which are mode 600 and owned by the freeside
user.

> > No.  Don't do this.  (or at least don't ask me for support after you
> > cause yourself headaches by doing so)
> 
> Hey, I only said that if you didn't need checkruid at all and you wanted
> to completely disable it you could do that.  I'm not sure what else it
> might break.

But I am.

-- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key - <moc.dsis at navi> Relhok Navi
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too
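
Added example, not part of the original message and not Freeside's own code: a fail-closed startup check in the spirit of the one discussed above, comparing the real uid with the expected account and confirming that the configuration file is mode 600 and owned by that account. The function name, the temporary file, and the use of the invoking user as the expected account are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added illustration; not Freeside's UID.pm. All names here are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Return a list of problems; an empty list means the real uid and the
# configuration file match what the application expects.
sub identity_problems {
    my ($want_user, $conf_file) = @_;
    my @problems;

    my $want_uid = getpwnam($want_user);
    return ("no such user '$want_user'") unless defined $want_uid;

    # $< is the real uid, $> the effective uid. A setuid bit changes only $>,
    # so a check on $< still fails under a plain setuid launch.
    push @problems, "real uid is $< (euid $>), expected '$want_user' (uid $want_uid)"
        unless $< == $want_uid;

    my @st = stat($conf_file);
    if (!@st) {
        push @problems, "cannot stat $conf_file: $!";
    } else {
        my ($mode, $owner) = @st[2, 4];
        my $perms = $mode & 07777;
        push @problems, "$conf_file is owned by uid $owner, not $want_uid"
            unless $owner == $want_uid;
        push @problems, sprintf("%s is mode %04o, expected 0600", $conf_file, $perms)
            unless $perms == 0600;
    }
    return @problems;
}

# Constructed demonstration: the invoking account stands in for the service
# account, and a temporary file stands in for the configuration file.
my $me = getpwuid($<);
my ($fh, $path) = tempfile(UNLINK => 1);

chmod 0644, $path or die "chmod: $!";
print "with loose permissions: $_\n" for identity_problems($me, $path);

chmod 0600, $path or die "chmod: $!";
my @problems = identity_problems($me, $path);
die "refusing to run:\n" . join("\n", map { "  $_" } @problems) . "\n" if @problems;
print "real uid and config permissions OK (ruid=$<, euid=$>)\n";
```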


