
RE: [cobalt-security] RaQ2: Default user access/site permissions



Hi admins,

> -----Original Message-----
> I too would like to set up all the web files to be owned by owner and 
> grouped by httpd or mosaic and eliminate world privs, but I can't 
> figure out how to do it without bringing the rest of the features to 
> their knees. My sad, but simple solution--No Telnet Access to anyone 
> but me.

Hm, telnet access isn't a good choice anyway; use ssh :-). However, this
policy does not really help here, for everyone who is able to run CGI and the
like on your machine can read the directories and files. I've already seen
"file system explorers" written in PHP - with no malicious intention!
However, these tools could be installed by any customer if you're hosting on
Cobalt machines, and could be used to browse all other customers'
directories.
 
> One thing is certain, the various possibilities for small-to-medium 
> scale web hosting of unrelated/unaffiliated clients was not even 
> considered from this perspective by Cobalt Prod Mgmt and thereby 
> constitutes a major security issue. <-- Boy would I like to prod 
> them.

Yeah, you're right. Just recall the old admin user/32 group permissions
issue... I'm sure they ran into this when they started selling the RaQs to
ISPs, claiming that they would be suitable for web hosting >:-). At the moment,
I don't really think one should recommend Cobalts to ISPs for hosting, at least
not for customers with sensitive information or mission-critical
applications.

Maybe the UI is simple to use, all right. However, when web hosting is your
business, you should be familiar with Linux/Solaris/... administration tasks
and should not need a UI for that, except for making tasks easier. I
found that when trying to tweak my RaQs, the UI and related administration
stuff impose more restrictions than they are of use.

OK, I've been a bit off topic by now. Concerning our issue: What about
setting the /home/siteX directories to httpd:siteX, chmod 2750, and all
files below them to [user]:siteX and either 640/750 or 644/755 if they have
to be httpd readable?

I think this would block "foreign" users from entering other customers' (yeah,
sites = customers :) directories. The http daemon could get the directories
since he owns them and does not need to be a siteX group member.
The siteX users are granted access by the siteX group they belong to.
Admin would have to be part of all site groups, and he already is.

I'm not sure whether this would open another hole - you MUST make sure that
NOBODY (at least no untrusted user) is able to run processes as http, or he
could take over the whole site directory. So you must wrap all CGI
processes.

What do you think about that?

Regards,
Matthias
--

 w e b f a c t o r y   G m b H
   Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
   Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
   Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233
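The permission scheme proposed in the mail above, as an added shell example that is not part of the original thread or of Cobalt's tooling: the site directory is handed to httpd with the site group and mode 2750, everything below it stays with its owner but moves into the site group with 640/750 (or 644/755 when httpd has to read the files), and a small audit lists anything still reachable by "other". The names httpd and siteX come from the mail; the script assumes GNU coreutils and findutils (stat -c) and only attempts chown/chgrp when running as root, since ordinary users cannot give files away.

```shell
#!/bin/sh
# Added example, not code from the original mail: apply the per-site scheme
# (site directory httpd:siteX mode 2750; everything below owner:siteX with
# 640/750, or 644/755 if httpd must read the files) and audit the result.
# Assumes GNU stat/find; chown and chgrp are only attempted as root.

# lock_site DIR WEB_USER SITE_GROUP HTTPD_READABLE(yes|no)
lock_site() {
    site_dir=$1          # e.g. /home/site1
    web_user=$2          # account the http daemon runs as, e.g. httpd
    site_group=$3        # per-site group, e.g. site1
    httpd_readable=$4    # yes -> 644/755 below the top directory, no -> 640/750

    if [ "$(id -u)" -eq 0 ]; then
        # Files keep their owner and only move into the site group; the
        # top directory alone is handed to the web user, as the mail describes.
        chgrp -R "$site_group" "$site_dir"
        chown "$web_user" "$site_dir"
    else
        echo "not root: skipping chown/chgrp of $site_dir" >&2
    fi

    if [ "$httpd_readable" = yes ]; then
        dir_mode=755; file_mode=644
    else
        dir_mode=750; file_mode=640
    fi
    find "$site_dir" -type d -exec chmod "$dir_mode" {} +
    find "$site_dir" -type f -exec chmod "$file_mode" {} +

    # The top directory is what keeps other customers out: no bits for
    # "other", and setgid so new entries inherit the site group.
    chmod 2750 "$site_dir"
}

# Octal mode of a path, including the setgid bit (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# List everything below DIR that still grants any permission to "other".
world_accessible() {
    find "$1" \( -perm -o+r -o -perm -o+w -o -perm -o+x \)
}

# Usage: sh lock_site.sh --apply /home/site1 [yes|no]
case "${1:-}" in
    --apply)
        lock_site "$2" httpd "$(basename "$2")" "${3:-no}"
        world_accessible "$2"
        ;;
esac
```

With the "yes" variant the files below the top directory are world-readable again, but the 2750 on /home/siteX means only its owner (httpd) and siteX group members can traverse into them, which is exactly what the mail relies on. The script does nothing about the caveat raised in the last paragraph: any customer who can run a process as the httpd user still owns every site directory, so CGI has to be wrapped separately.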