jvandal / modwsgi

Automatically exported from code.google.com/p/modwsgi

Restrict where scripts are that daemon is allowed to run. #123

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
For daemon processes they are told by the Apache child worker processes what script to run. To prevent some arbitrary external process attaching to UNIX listener socket and telling it to run arbitrary scripts, there are secret keys which the Apache child worker processes know. This is used to generate a hash for specific scripts which the daemon process validates when it gets the request.

In order to make this more secure when daemon mode is used in a paranoid admin environment, allow an option to be specified to WSGIDaemonProcess which says that the daemon process is only allowed to run scripts within a certain directory or matching a certain file pattern. For example:

  WSGIDaemonProcess myapp user=appuser script-files=/home/appuser/scripts/*

Using this in conjunction with checks as to who is the owner of the script would provide a good additional measure against backdoor attacks to get daemon to run arbitrary scripts.

Original issue reported on code.google.com by Graham.Dumpleton@gmail.com on 13 Jan 2009 at 10:35
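
The daemon-side check proposed in the issue above, sketched in Python as an added example; it is not mod_wsgi code and not written by the issue's author. The function names and the use of HMAC-SHA256 as the keyed hash are assumptions, and the files are constructed in a temporary directory.

```python
import fnmatch
import hashlib
import hmac
import os
import stat
import tempfile

def script_token(secret, script_path):
    """Keyed hash tying a request to one script path (HMAC-SHA256 is an assumption)."""
    return hmac.new(secret, script_path.encode(), hashlib.sha256).hexdigest()

def daemon_may_run(script_path, token, secret, pattern, owner_uid):
    """Return (allowed, reason) for a script a worker asked the daemon to run."""
    # 1. The request must carry a valid keyed hash for exactly this path.
    if not hmac.compare_digest(token, script_token(secret, script_path)):
        return False, "bad token"
    # 2. Resolve symlinks and ".." before matching, so the pattern is tested
    #    against the file that would really run. fnmatch's "*" also matches "/".
    real = os.path.realpath(script_path)
    if not fnmatch.fnmatchcase(real, pattern):
        return False, "outside script-files pattern"
    # 3. Ownership: a regular file owned by the expected user.
    try:
        st = os.stat(real)
    except OSError:
        return False, "missing script"
    if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid:
        return False, "wrong owner or not a regular file"
    return True, "ok"

def demo():
    """Constructed files: one in the allowed directory, one outside, one symlink out."""
    secret, uid = os.urandom(32), os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        scripts = os.path.join(os.path.realpath(tmp), "scripts")
        os.mkdir(scripts)
        inside = os.path.join(scripts, "app.wsgi")
        outside = os.path.join(os.path.dirname(scripts), "other.wsgi")
        link = os.path.join(scripts, "link.wsgi")
        for path in (inside, outside):
            open(path, "w").close()
        os.symlink(outside, link)
        pat = os.path.join(scripts, "*")  # plays the role of script-files=
        def run(p, u=uid):
            return daemon_may_run(p, script_token(secret, p), secret, pat, u)
        return {"inside": run(inside), "outside": run(outside), "symlink": run(link),
                "owner": run(inside, uid + 1),
                "forged": daemon_may_run(inside, "0" * 64, secret, pat, uid)}
```

The "outside" and "symlink" cases carry a valid token and are still refused, which is the extra layer the pattern and owner checks add on top of the hash.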

GoogleCodeExporter commented 8 years ago
Decided not to take action on this. If security needs to be improved, the way in which the magic token is used should be reviewed instead.

Original comment by Graham.Dumpleton@gmail.com on 12 Mar 2009 at 5:05