web based configuration as root or equivalent

Peter Risdon peter at circlesquared.com
Wed Mar 10 06:51:00 PST 2004


This is a bit belated, but I have been thinking along similar lines and 
hope this might be of assistance...

Bjorn Eikeland wrote:

> On Thu, 26 Feb 2004 16:27:21 -0600, Kevin D. Kinsey, DaleCo,
> S.P. <kdk at daleco.biz> wrote:
>
>> Bjorn Eikeland wrote:
>>
>>> I'm wanting to make a web based configuration tool for my wireless
>>> routers (setting up freebsd boxes to make an outdoor wlan) - of course
>>> I can use ssh and webmin, but the configuration should be made even
>>> easier for less technical users.
>>>
>>> I've read the how to use Webmin with apache, didn't quite follow the
>>> procedure, but bear with me..
>>>
>>> chown scripts to root (chown -R root:root /var/www/cp)
>>> chmod w/suid (chmod -R 755 /var/www/cp)
>>>
>>> add -U flag to perl line, what does this do?
>>
It lets perl run in Unsafe mode... man 1 perlrun says:

       -U   allows Perl to do unsafe operations.  Currently the only "unsafe"
            operations are the unlinking of directories while running as
            superuser, and running setuid programs with fatal taint checks
            turned into warnings.  Note that the -w switch (or the "$^W"
            variable) must be used along with this option to actually
            generate the taint-check warnings.

I assume the relevant part of this with webmin is the bit about running 
setuid programs.

>>> is there a php knob like this?
>>

Some people argue that php is pretty unsafe anyway. There is, as a 
consequence, the option of running php in safe mode, but I think this 
would prevent you from doing what you want to do here. Although some 
early holes have been closed, it might be the wrong language to use if 
you need to build a secure middleware application. Of running php 
scripts with root privileges, the php manual says:

"A frequent security mistake made at this point is to allow apache root 
permissions, or to escalate apache's abilities in some other way.

Escalating the Apache user's permissions to root is extremely dangerous 
and may compromise the entire system, so sudo'ing, chroot'ing, or 
otherwise running as root should not be considered by those who are not 
security professionals."

(http://www.php.net/manual/en/security.apache.php)

I like php for web page generation, but am unhappy about giving a php 
script root privileges. My own solution is to write a script in perl (or 
even shell) that runs with root privileges and does the system 
reconfiguration, keep it well away from webspace, then have the php 
script execute it when appropriate. This is not a perfect solution, but 
at least it adds another layer. Where possible, I use php to set some 
configuration info and a flag either in a database or flat file, then 
cron the perl script, so updates are not immediate but the php script 
makes no direct call on anything that is setuid root.

I also like to run this type of php script as cgi as opposed to mod_php 
so that:

1. It's in the (less accessible) cgi-bin and not the web document root.

2. It can run suexec (I normally work in multi-homed contexts and this 
way I can use ownership and permissions to hide it from all other users 
and to prevent them from executing it).

If anyone wants to suggest any other security measures, I'd be all eyes.

So an answer to your situation is that you could use php, and don't need 
to use an equivalent of perl's -U switch, but security issues need to be 
considered very carefully.

PWR.
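
The flag-file arrangement described in the message above, sketched as an added example that is not part of the original post: the root-side cron worker treats the request file as untrusted data, never sources or evals it, and accepts only allowlisted keys with strictly formatted values. The file names (`request`, `flag`, `validated.conf`), the keys `ssid` and `channel`, and the spool path are assumptions made for illustration.

```shell
#!/bin/sh
# Root-side worker run from cron (added example; names are hypothetical).
# The unprivileged web script only writes key=value lines plus a flag file.
LC_ALL=C; export LC_ALL        # make [A-Za-z] ranges byte-exact

# validate_request FILE: print accepted lines; return 1 on anything else.
validate_request() {
    req=$1
    # The web user controls this path: refuse symlinks and non-regular files.
    [ -f "$req" ] && [ ! -L "$req" ] || return 1
    out=''
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        key=${line%%=*}; val=${line#*=}
        [ "$key" != "$line" ] || return 1          # no '=' on the line
        case $key in
            ssid)    # 1-32 chars from a fixed safe alphabet
                case $val in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
                [ "${#val}" -le 32 ] || return 1 ;;
            channel) # integer 1-13
                case $val in ''|*[!0-9]*) return 1 ;; esac
                [ "${#val}" -le 2 ] && [ "$val" -ge 1 ] &&
                    [ "$val" -le 13 ] || return 1 ;;
            *) return 1 ;;                         # unknown key: reject all
        esac
        out="$out$key=$val
"
    done < "$req"
    [ -n "$out" ] || return 1
    printf '%s' "$out"
}

# apply_pending DIR: act only when DIR/flag exists. The validated file is
# the hand-off point; the real reconfiguration step is site-specific.
apply_pending() {
    dir=$1
    [ -e "$dir/flag" ] || return 0                 # nothing requested
    rm -f "$dir/flag"
    if conf=$(validate_request "$dir/request"); then
        printf '%s\n' "$conf" > "$dir/validated.conf"
    else
        echo "cfgworker: rejected request in $dir" >&2
        return 1
    fi
}

# cron usage (assumed path): worker.sh /var/spool/cfgreq
if [ $# -eq 1 ]; then apply_pending "$1"; fi
```

A single bad line rejects the whole request, so a partially valid file is never applied.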


