First of all: the netlog code in pen 0.9. contains a buffer overflow.
It is possible that it is rootable, but I wouldn't wait to find out.
Upgrade now or turn off netlogging.
Now, this discovery, just a week after I finished reviewing the code for
bugs of this kind, had me thinking. It seems inevitable that bugs in new
code slip through every now and then. When that happens, we want the
potential damage to be as small as possible. For this reason, two options
were added to pen:
Run as a different user. To listen on privileged ports, pen must be
started by root, but that doesn't mean it has to run as root permanently.
This option allows pen to drop to an unprivileged user as soon as all the
startup plumbing is done. For best security, I recommend a user that
doesn't own any interesting files and isn't used for anything else. User
nobody is often used for the web server, which makes it a poor choice.
Run in a chroot environment. This makes it more difficult to fool the
process into accessing files outside the specified root directory.
To make use of these new features here at siag.nu, the following changes
useradd -m pen
cp /etc/hosts /home/pen/etc
Then the start script was modified like this:
case "$1" in
/usr/local/bin/pen -u pen -j $PENHOME \
-w /penstats.html -p /pen.pid \
-l alphabob:10000 \
siag:www siag-eth0-0:www alphabob:www
test -f $PENHOME/pen.pid && kill `cat $PENHOME/pen.pid`
echo "Usage: $0 start | stop | restart"
It was necessary to copy /etc/hosts, because that's where pen looks up
hostnames such as alphabob. I guess I could also have used IP addresses,
but that's less convenient.
The -j and -u options were added to penlogd as well, although that was
less necessary since penlogd has no business running on privileged ports
anyway, and should never be accessed from outside the server farm.
This archive was generated by hypermail 2.1.2 : Tue Jul 02 2002 - 14:51:55 CEST