Re: Running as nobody
Quoting Erik Aase-Remedios (erik@fourfish.com):
>
> Well here's my take on it.
>
> If your webserver runs as nobody, then it has full access to any files
> owned by nobody, and can execute any programs, delete any directories, and
> alter any content owned by nobody. Now, you probably don't have any file
> deletion CGIs, etc... but it's best to limit the potential exposure
> (there are tricks like buffer overflows that might allow the webserver to
> do unintended things for a cracker's advantage).
>
> If you segment your system and isolate different tasks and duties to
> different users, then they have less of a possibility to interfere with
> each other. With minivend there are certain things that you want the
> webserver to NEVER have access to: the secret pgp keyring of the minivend
> user, the order reports, the catalogs directory....
>
> So install and run minivend as its own user. On a shared ISP system
> install and run it as your login account. The cgi will run as nobody and
> communicate with the minivend daemon which runs as minivend (or you).
>
> It's not at all about functionality as you could run everything as root,
> which is what some other operating systems effectively do, but that would
> just be a really bad idea, and you would be very sorry you did it when
> the first big problem comes along.
I think I will add this to the docs if you don't mind. 8-) I tell people
not to run it as "nobody", but they never believe me. This is exactly
why....
--
Mike Heins http://www.minivend.com/ ___
Internet Robotics |_ _|____
131 Willow Lane, Floor 2 | || _ \
It's a little-known fact Oxford, OH 45056 | || |_) |
that the Y1K problem caused <mikeh@minivend.com> |___| _ <
the Dark Ages. -- unknown 513.523.7621 FAX 7501 |_| \_\
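
An added example, not part of the original thread and not Minivend code: a small Python audit that reports which paths under a directory a given uid (for instance the web server's) can read, write or enter under the classic owner/group/other check. The directory and file names and the stand-in uid are constructed for the demo; ACLs and root's permission bypass are not modelled, and the top directory is assumed reachable.

```python
import os
import stat
import tempfile

def access_bits(st, uid, gids):
    """rwx bits (0-7) the classic Unix owner/group/other check grants uid."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def fmt(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def audit(root, uid, gids=frozenset()):
    """Map paths under root that uid can read/write/enter to an 'rwx' string."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        bits = access_bits(os.lstat(dirpath), uid, gids)
        if bits:
            found[os.path.relpath(dirpath, root)] = fmt(bits)
        if not bits & 1:
            dirnames[:] = []      # no search permission: contents are unreachable
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            bits = access_bits(st, uid, gids)
            if bits and not stat.S_ISLNK(st.st_mode):  # symlink modes carry no meaning
                found[os.path.relpath(path, root)] = fmt(bits)
    return found

def build_demo_tree():
    """Constructed sample layout; directory and file names are hypothetical."""
    root = tempfile.mkdtemp()
    layout = [("pgp", 0o700, "secring.pgp", 0o644), ("orders", 0o755, "report.txt", 0o644),
              ("catalogs", 0o755, "catalog.cfg", 0o600)]
    for d, dmode, fname, fmode in layout:
        os.mkdir(os.path.join(root, d))
        fpath = os.path.join(root, d, fname)
        open(fpath, "w").close()
        os.chmod(fpath, fmode)
        os.chmod(os.path.join(root, d), dmode)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":        # uid + 1 stands in for the web server's uid
    print(audit(build_demo_tree(), os.getuid() + 1))
```

In the demo the world-readable keyring file stays unreported because its parent directory is mode 0700, while the order report in a 0755 directory shows up as readable by the other user.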