[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: browser security



On Thu, 2005-12-15 at 03:02 +0100, Andreas Bartelt wrote:
> Hi,
> 
> James Strandboge wrote:
> ...
> >>While we're at systrace, I was wondering - could systrace reduce the risks 
> >>associated with running apache with PHP?
> > 
> > 
> > Default apache is already chrooted, so systracing it won't be as much of
> > a win as systracing processes not in a chroot.  That said, you can
> > definitely add another layer and protect your apache chroot area by
> > systracing it, sure.  chrooting and/or systracing every internet facing
> > server is not a bad idea at all.
> > 
> 
> Apache forks children with reduced priviledges (user www) while, at the 
> same time, there's always an Apache process running as root. Therefore, 
> a useful systrace policy for Apache probably won't be easy to write.

No, apache is not running as root, parent or children:

$ ps auxww|grep [h]ttpd
www       2651  0.0  0.3  1736  3368 ??  Ss     4Dec05    0:17.69 httpd:
parent [chroot /var/www] (httpd)
www      10443  0.0  0.3  1872  2612 ??  I      4Dec05    0:00.11 httpd:
child (httpd)
www      17711  0.0  0.3  1872  2564 ??  I      4Dec05    0:00.46 httpd:
child (httpd)
www      23046  0.0  0.3  1864  2644 ??  I      4Dec05    0:00.17 httpd:
child (httpd)
www      24669  0.0  0.3  1860  2564 ??  I      4Dec05    0:00.13 httpd:
child (httpd)
www        641  0.0  0.3  1852  2604 ??  I      4Dec05    0:00.19 httpd:
child (httpd)
www      25713  0.0  0.2  1840  2432 ??  I      4Dec05    0:00.25 httpd:
child (httpd)
www      13373  0.0  0.3  1860  2608 ??  I      4Dec05    0:00.09 httpd:
child (httpd)
www      11325  0.0  0.3  1860  2616 ??  I      4Dec05    0:00.14 httpd:
child (httpd)
www      31995  0.0  0.2  1836  2416 ??  I      4Dec05    0:00.22 httpd:
child (httpd)
www      25412  0.0  0.3  1864  2604 ??  I      4Dec05    0:00.23 httpd:
child (httpd)


As for systracing a process running as root-- I do it all the time and
the benefits are an effective jail for a root process.  If you are
concerned about a root process using setuid to a uid with lower
privilege, systrace can do that with no problem.

Jamie