Re: Running as nobody
At 06:20 PM 8/30/99 -0400, you wrote:
>****** message to minivend-users from mikeh@minivend.com ******
>
>Quoting Erik Aase-Remedios (erik@fourfish.com):
>>
>> Well here's my take on it.
>>
>> If your webserver runs as nobody, then it has full access to any files
>> owned by nobody, and can execute any programs, delete any directories, and
>> alter any content owned by nobody. Now, you probably don't have any file
>> deletion CGIs, etc... but it's best to limit the potential exposure
>> (there are tricks like buffer overflows that might allow the webserver to
>> do unintended things for a cracker's advantage).
>>
>> If you segment your system and isolate different tasks and duties to
>> different users, then they have less of a possibility to interfere with
>> each other. With minivend there are certain things that you want the
>> webserver to NEVER have access to: the secret pgp keyring of the minivend
>> user, the order reports, the catalogs directory....
>>
>> So install and run minivend as its own user. On a shared ISP system
>> install and run it as your login account. The cgi will run as nobody and
>> communicate with the minivend daemon which runs as minivend (or you).
>>
>> It's not at all about functionality as you could run everything as root,
>> which is what some other operating systems effectively do, but that would
>> just be a really bad idea, and you would be very sorry you did it when
>> the first big problem comes along.
>
>I think I will add this to the docs if you don't mind. 8-) I tell people
>not to run it as "nobody", but they never believe me. This is exactly
>why....
>
>--
>Mike Heins http://www.minivend.com/ ___
> Internet Robotics |_ _|____
> 131 Willow Lane, Floor 2 | || _ \
>It's a little-known fact Oxford, OH 45056 | || |_) |
>that the Y1K problem caused <mikeh@minivend.com> |___| _ <
>the Dark Ages. -- unknown 513.523.7621 FAX 7501 |_| \_\
>-
Actually, I did believe you Mike! It was another ISP that didn't believe!
I just did not have a good way to explain to another ISP exactly why
Minivend should not be run as "nobody". After using this explanation
by Erik I was finally able to tell the other ISP exactly why it should
not be run as "nobody". I just hope they understand and change
their credit card charging daemon which is currently being run
as "nobody" !!! In the meantime, I'm advising my customer not to
use their credit card charging system.
Thanks for the great explanation Erik!
(KC) Kyle Cook
(Kyle Cook)
http://www.invisio.com
Web site design, database driven sites,
and shopping cart programming.
Great sites, value priced!
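
The separation Erik describes (keyring, order reports and catalogs out of reach of the web server account) can be checked from file ownership and mode bits. The following is an added example, not part of the original messages and not Minivend code; the function names, the sample tree and the web account ids are all constructed for illustration.

```python
import os
import stat
import tempfile

def access_for(path, uid, gids):
    """Return the subset of {'r','w','x'} that the mode bits grant uid/gids.

    Unix rule: owner class if uid owns the path, else group class if a gid
    matches, else other class. ACLs and root's bypass are not modelled.
    """
    st = os.stat(path)
    if st.st_uid == uid:
        bits = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR)
    elif st.st_gid in gids:
        bits = (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP)
    else:
        bits = (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
    return {c for c, b in zip("rwx", bits) if st.st_mode & b}

def audit(paths, web_uid, web_gids):
    """Return (path, perms) for everything under paths the web account can
    read, write or enter. Each path is judged on its own mode bits, so a
    finding inside a closed parent directory is still reported."""
    findings = []
    for top in paths:
        todo = [top]
        for root, dirs, files in os.walk(top):
            todo += [os.path.join(root, n) for n in dirs + files]
        for p in todo:
            if os.path.islink(p):
                continue  # a link's own mode is meaningless; audit its target
            perms = access_for(p, web_uid, web_gids)
            if perms:
                findings.append((p, "".join(sorted(perms))))
    return findings

if __name__ == "__main__":
    # Constructed sample tree standing in for the daemon user's private files.
    home = tempfile.mkdtemp()
    keyring = os.path.join(home, "secring.pgp")   # constructed file name
    open(keyring, "w").close()
    os.chmod(keyring, 0o644)                      # deliberately too open
    # Hypothetical ids for the web server account; look up the real ones
    # with pwd.getpwnam() on the system being checked.
    web_uid, web_gids = os.getuid() + 1, {os.getgid() + 1}
    for path, perms in audit([home], web_uid, web_gids):
        print(f"web account has {perms} on {path}")
```

An empty result for the daemon user's directories is the goal; passing the daemon's own uid instead shows what a server running as that same account would reach.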