5

Can someone suggest some basic advice on dealing with web applications that interact with configuration files like httpd.conf, bind zone files, etc.?

I understand that it's bad practice, in fact very dangerous, to allow arbitrary execution of code without fully validating it and so on. But say you are tasked to write a small app that allows one to add vhosts to an apache configuration.

Do you have your code execute with full privileges, or do you write future variables into a database and have a cron job (with full privileges) execute a script that pulls the vars from the database and throws them into a template config file, etc.?

Some thoughts & contributions on this issue would be appreciated.

tl;dr - how can you securely write a web app to update/create entries in a config file like apache's httpd.conf, etc.

Michael Petrotta
Jones R

2 Answers

1

I'm not a Unix security guru, but some basic things to think of:

  • Make sure your web app runs as a specific user, and make sure that user has privileged rights only to those files which it is supposed to modify.

  • Do not allow arbitrary inputs to be added to the files, have strict forms where each field is validated to contain only things it should contain, like a-z and 0-9 only, etc.

  • Use HTTPS to access the site.

I'm sure there is more to come from the real gurus.

Lennart Regebro
0

> I understand that it's bad practice, in fact very dangerous to allow arbitrary execution of code without fully validating it and so on.

True.

> But say you are tasked to write a small app that allows one to add vhosts to an apache configuration.

Unrelated to the first point. Totally unrelated. Indeed, why is the first point even in there?

Adding vhosts is a simple script. You simply write the script and get it to work. It requires extraordinary privileges. But it's not "arbitrary execution of code". And it will be "fully validated" (Whatever that means. You write it. You validate it.)

This is not a good choice for a "web app". Nor is it a good choice for a daemon. Indeed, it's really hard to see the connection between "add vhosts to an apache configuration" and "web applications that control daemons."

It's just a script that just updates a file. Nothing special. It requires privileges, so only a select few people can run it. Nothing special there either. Use sudo.

> Do you have your code execute with full privileges,

Obviously. The script can't update the vhosts without some privileges.

Unless by "your code" you don't mean the script that updates the vhosts. If you mean something else, like a web page which allows someone to run the script which updates the vhosts. In which case, you've conflated the script with the web app that runs the script.

> do you write future variables into a database and have a cron job (with full privileges) execute a script that pulls the vars from the database and throws them into a template config file, etc.

Sure. People do that. It seems terribly complex.

Use celery instead of rolling your own background processor. http://ask.github.com/celery/getting-started/introduction.html

S.Lott
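The split both answers point at (strict per-field validation, and a separate privileged script that fills a fixed template), sketched in Python as an added example that is not code from either answer. The allowed document-root tree, the port set, the template and the function names are assumptions made for illustration.

```python
import posixpath
import re

# Assumptions for this sketch (not from the original posts):
ALLOWED_ROOT = "/var/www/vhosts"   # only directory tree a vhost may serve
ALLOWED_PORTS = {80, 8080}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")
PATH_RE = re.compile(r"[A-Za-z0-9_./-]+")

TEMPLATE = """<VirtualHost *:{port}>
    ServerName {server_name}
    DocumentRoot "{doc_root}"
</VirtualHost>
"""


def validate_vhost(server_name, doc_root, port):
    """Return a cleaned (server_name, doc_root, port) tuple or raise ValueError."""
    name = server_name.lower()
    # fullmatch, not match with "$": "$" would accept a trailing newline,
    # which is how extra directives get smuggled into a config file.
    if len(name) > 253 or not HOSTNAME_RE.fullmatch(name):
        raise ValueError("invalid server name")
    if not PATH_RE.fullmatch(doc_root):
        raise ValueError("invalid characters in document root")
    root = posixpath.normpath(doc_root)  # collapses "..", "//" and "."
    if not root.startswith(ALLOWED_ROOT + "/"):
        raise ValueError("document root outside allowed tree")
    if port not in ALLOWED_PORTS:
        raise ValueError("port not allowed")
    return name, root, port


def render_vhost(server_name, doc_root, port):
    """Privileged side: re-validate what was queued, then fill the template."""
    name, root, port = validate_vhost(server_name, doc_root, port)
    return TEMPLATE.format(server_name=name, doc_root=root, port=port)


if __name__ == "__main__":
    # Constructed sample request, as the web form might queue it.
    print(render_vhost("Shop.example.com",
                       "/var/www/vhosts/shop/../shop/public", 80))
```

`posixpath.normpath` is purely lexical, so the privileged script should also resolve symlinks on the real filesystem before trusting the directory.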