RE: [cobalt-security] RaQ2/3: Default user access/site permissions

["Matthias Pigulla" <mp@xxxxxxxxxxxxx>]

Hi Michelle,

this also affects RaQ3 machines.

> Is there any reason why I can't chmod all of the sites in my
> /home/sites directory not to be readable/executable by other?  I
> don't see any reason why a person who has telnet access to the
> machine should be allowed to traipse through other sites on the
> machine.

I think some of us would like to set the permissions as you described,
at least I do - I consider security (if you want, call it privacy in
this context) important.

The current setup is a p*-i-t-a*, but necessary: The files are set to
belong to their creators; group permission is needed for group access
which is the 'site[x]'-group for hosted sites.
The "others" privilege is used for the web server (httpd) itself.

That means that EVERYbody is able to read a site's files, at least those
files that have to be served/accessed by the webserver.

Among these are (usually, nowadays) PHP or PERL scripts; these almost
always contain passwords for database access (e. g. MySQL, Postgres).
Everybody with "local" access to your machine is able to read these
files. "local" access means: shell (telnet, ssh), but also CGI, PHP and
the like - it does not matter wheter you have PHP built as a module or
not or wheter you run CGIwarp and the like.

I consider this _VERY_ bad. For exactly this reason I avoid hosting of
sensitive data or data that is subject to privacy policies and the like
on Cobalt machines - all other customers on the same machine can (if
they want to) access it.

Idea: One could revoke the "others" permissions and have the webserver
run as root. Just compile Apache with the -DBIG_SECURITY_HOLE flag set.
>:-)

Any ideas, anyone?

Just my $0.02. Regards,
Matthias
--

 w e b f a c t o r y   G m b H
   Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
   Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
   Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233