Security Basics mailing list archives

Re: Very basic security question:


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 23 Jan 2003 12:31:51 -0700

On Tue, Jan 21, 2003 at 05:33:41AM +0000, Ing. Bernardo Lopez wrote:
> How secure could my webserver be if I allow some PHP scripts to modify
> the files /etc/passwd & /etc/shadow (directly), but my script will only
> allow modifying the line of the logged-in user (like userid=visitor, then
> he can only see/modify visitor's line)??
>
> Is it secure if I enforce the security of the script well enough... or
> is this still a stupid option?
>
> Also, if I use that script only to modify the permissions of FTP users,
> is it still insecure? (if the ftpd runs with a very unprivileged uid?)

To modify the shadow password file, you would need to run the PHP
program (in most cases the web server) as root.  Which isn't secure
(to put it mildly).  Or you would need to allow the web server to have
read and write access to the shadow file as its regular user, which
isn't secure.

Thou shalt not let network services alter any critical files is the
best approach.

What is normally done by myself and others I have talked to is a PHP
gateway server.  You would write a daemon that your PHP code talks to
via a Unix domain socket.  The protocol you use to talk to your daemon
would include a username and password (so the daemon can ensure it is
talking to an authorized user).

Any PHP script could talk to the daemon (most wouldn't know it
exists), but because you have kept the daemon simple, and with a rigid
unforgiving protocol the daemon will be much better - safe code wise -
than your PHP script could ever hope to be.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
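
A sketch of the request handling for the gateway daemon described in the reply above, added here as an example; it is not code from the original message or its author. The one-line `CHPASS` format, the field rules, the function names and the in-memory `store` standing in for the real password database are all assumptions made for illustration.

```python
import hashlib, hmac, os, re, socket

MAX_REQ = 256                                    # hard cap on one request
USER_RE = re.compile(rb"[a-z_][a-z0-9_-]{0,31}")
PASS_RE = re.compile(rb"[\x21-\x39\x3b-\x7e]{8,64}")  # printable ASCII, no space or ':'

def pw_hash(pw: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)

def parse_request(raw: bytes):
    """Return (user, old_pw, new_pw), or None for anything off-spec."""
    if len(raw) > MAX_REQ or not raw.endswith(b"\n") or raw.count(b"\n") != 1:
        return None                              # exactly one line, one terminator
    parts = raw[:-1].split(b" ")
    if len(parts) != 4 or parts[0] != b"CHPASS":
        return None
    user, old, new = parts[1:]
    if not (USER_RE.fullmatch(user) and PASS_RE.fullmatch(old) and PASS_RE.fullmatch(new)):
        return None                              # no ':' or control bytes reach a shadow-style line
    return user, old, new

def handle(raw: bytes, store: dict) -> bytes:
    """store maps user -> (salt, hash); a constructed stand-in for the shadow file."""
    req = parse_request(raw)
    if req is None:
        return b"ERR\n"
    user, old, new = req
    salt, digest = store.get(user, (b"\0" * 16, b""))
    ok = hmac.compare_digest(pw_hash(old, salt), digest)  # hash even for unknown users
    if user not in store or not ok:
        return b"ERR\n"                          # same reply for every failure
    new_salt = os.urandom(16)
    store[user] = (new_salt, pw_hash(new, new_salt))      # only the caller's own entry
    return b"OK\n"

def make_listener(path: str) -> socket.socket:
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_mask = os.umask(0o007)                   # socket file: owner and group only
    try:
        s.bind(path)
    finally:
        os.umask(old_mask)
    s.listen(8)
    return s

def serve_conn(conn: socket.socket, store: dict) -> None:
    with conn:
        conn.settimeout(5)
        conn.sendall(handle(conn.recv(MAX_REQ + 1), store))  # one read, one reply, close
```

The daemon, not the web server, is the only process that needs write access to the password data, and the web server's user only needs access to the socket path.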

