On Tuesday 02 September 2003 15:44, Ryan Nowakowski wrote: > On Tue, Sep 02, 2003 at 01:38:24AM +0200, Christopher Taylor wrote: > > Jens Gutzeit wrote: > > >On Monday 01 September 2003 21:53, mario ohnewald wrote: > > >>What is the securest way of starting a application, like ping, from a > > >>webinterface as a diffrent user. > > > > what's wrong with making the program suid-to-some-other-user (not root) > > and then just executing it? I reallize this doesn't work for ping, which > > is suid-to-root anyway. > > Another option is to use the Net::Ping perl module instead of the ping > command itself. A secure, privilege-separated way to code this would be to have a daemon (yes, it could be a Perl daemon) that pings, rather than escalating runtime script to root unnecessarily. It could listen on localhost, and with a very simple protocol you could even authenticate with a shared secret. It runs as root, and pings on behalf of a simple protocol-speaking .php or .cgi. The privilege separation model seems smiled upon by many secure software designers. OpenSSH is one example of a production-grade implementation. J -- Joshua Goodall <joshua@myinternet.com.au> Solutions Architect / Principal Security Architect myinternet Limited.
Attachment:
pgpDMJE_Rd88T.pgp
Description: signature