From: Joe C. <jo...@sw...> - 2001-02-09 05:46:14
|
Hey folks, What are the gotchas I should look out for when setting up an online (completely accessible to the internet) Webmin? I don't think Webmin ACLs even begin to address the security issues with this plan...so I'm going to go to much greater lengths to insure that no damage can be done by Webmin. My plan is to only include a few specific modules, which will be hardcoded to edit fake configuration files--possibly new randomly named ones for every user. I've even considered running a new instance of Webmin for each user, in a tmp directory, on a randomly selected port from a pool for directories...this addresses the problem of locking and multiple users playing with the same configuration options at the same time. Obviously, I don't want to run it as root, so what do I need to modify to run it as a thoroughly unpriviledged user? I'm thinking I will create a chrooted environment for a "webmin-demo" user account with no permissions other than reading and writing to the new and fake environment. Anyone done something like this? Are there any examples of Webmins that have been modified for demonstration use? Anyone have ideas for how this might be implemented simply, elegantly, and in 25 lines of perl? ;-) I've only begun thinking about this, so I'm not committed to any one plan of attack. I welcome any and all pointers. Thanks! -- Joe Cooper <jo...@sw...> Affordable Web Caching Proxy Appliances http://www.swelltech.com |
From: Jamie C. <jca...@we...> - 2001-02-09 06:35:49
|
Joe Cooper wrote: > > Hey folks, > > What are the gotchas I should look out for when setting up an online > (completely accessible to the internet) Webmin? I don't think Webmin > ACLs even begin to address the security issues with this plan...so I'm > going to go to much greater lengths to insure that no damage can be done > by Webmin. > > My plan is to only include a few specific modules, which will be > hardcoded to edit fake configuration files--possibly new randomly named > ones for every user. I've even considered running a new instance of > Webmin for each user, in a tmp directory, on a randomly selected port > from a pool for directories...this addresses the problem of locking and > multiple users playing with the same configuration options at the same time. > > Obviously, I don't want to run it as root, so what do I need to modify > to run it as a thoroughly unpriviledged user? I'm thinking I will > create a chrooted environment for a "webmin-demo" user account with no > permissions other than reading and writing to the new and fake environment. > > Anyone done something like this? Are there any examples of Webmins that > have been modified for demonstration use? > > Anyone have ideas for how this might be implemented simply, elegantly, > and in 25 lines of perl? ;-) > > I've only begun thinking about this, so I'm not committed to any one > plan of attack. I welcome any and all pointers. I'd suggest at a minimum running it as an unprivileged unix user, and granting login access only to a webmin user who cannot change the config of any module (or access the webmin users module). A chroot environment would be good, but you wouldn't want the demo users to be able to screw up the demo for each other, so maybe even that wouldn't be enough .. Unfortunately, webmin wasn't designed for this and I don't know of anyone who has set it up. My suggestion would be to set up a chroot'd, non-root demo and then see what bad things the demo user can do :) - Jamie |
From: Philippe B. <bar...@ag...> - 2001-02-09 07:54:59
|
Hi, I would chroot the webmin instance. my 2 cents On Thu, Feb 08, 2001 at 11:53:57PM -0600, Joe Cooper wrote: > Hey folks, > > What are the gotchas I should look out for when setting up an online > (completely accessible to the internet) Webmin? I don't think Webmin > ACLs even begin to address the security issues with this plan...so I'm > going to go to much greater lengths to insure that no damage can be done > by Webmin. > > My plan is to only include a few specific modules, which will be > hardcoded to edit fake configuration files--possibly new randomly named > ones for every user. I've even considered running a new instance of > Webmin for each user, in a tmp directory, on a randomly selected port > from a pool for directories...this addresses the problem of locking and > multiple users playing with the same configuration options at the same time. > > Obviously, I don't want to run it as root, so what do I need to modify > to run it as a thoroughly unpriviledged user? I'm thinking I will > create a chrooted environment for a "webmin-demo" user account with no > permissions other than reading and writing to the new and fake environment. > > Anyone done something like this? Are there any examples of Webmins that > have been modified for demonstration use? > > Anyone have ideas for how this might be implemented simply, elegantly, > and in 25 lines of perl? ;-) > > I've only begun thinking about this, so I'm not committed to any one > plan of attack. I welcome any and all pointers. > > Thanks! > -- > Joe Cooper <jo...@sw...> > Affordable Web Caching Proxy Appliances > http://www.swelltech.com > > > - > Forwarded by the Webmin development list at web...@we... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-devel > > -- Philippe BARNETCHE AGISphere 14, Boulevard Vital Bouhot 92200 NEUILLY/SEINE 01 47 45 99 92 06 10 01 68 11 "He who sacrifices functionality for ease of use loses both and deserves neither." |
From: Philippe B. <bar...@ag...> - 2001-02-09 08:31:59
|
answering myself. sorry about my post, next time I'll read the post entirely... On Fri, Feb 09, 2001 at 08:54:35AM +0100, Philippe BARNETCHE wrote: > Hi, > > I would chroot the webmin instance. > > my 2 cents > > On Thu, Feb 08, 2001 at 11:53:57PM -0600, Joe Cooper wrote: > > Hey folks, > > > > What are the gotchas I should look out for when setting up an online > > (completely accessible to the internet) Webmin? I don't think Webmin > > ACLs even begin to address the security issues with this plan...so I'm > > going to go to much greater lengths to insure that no damage can be done > > by Webmin. > > > > My plan is to only include a few specific modules, which will be > > hardcoded to edit fake configuration files--possibly new randomly named > > ones for every user. I've even considered running a new instance of > > Webmin for each user, in a tmp directory, on a randomly selected port > > from a pool for directories...this addresses the problem of locking and > > multiple users playing with the same configuration options at the same time. > > > > Obviously, I don't want to run it as root, so what do I need to modify > > to run it as a thoroughly unpriviledged user? I'm thinking I will > > create a chrooted environment for a "webmin-demo" user account with no > > permissions other than reading and writing to the new and fake environment. > > > > Anyone done something like this? Are there any examples of Webmins that > > have been modified for demonstration use? > > > > Anyone have ideas for how this might be implemented simply, elegantly, > > and in 25 lines of perl? ;-) > > > > I've only begun thinking about this, so I'm not committed to any one > > plan of attack. I welcome any and all pointers. > > > > Thanks! > > -- > > Joe Cooper <jo...@sw...> > > Affordable Web Caching Proxy Appliances > > http://www.swelltech.com > > > > > > - > > Forwarded by the Webmin development list at web...@we... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-devel > > > > > > -- > Philippe BARNETCHE > > AGISphere > 14, Boulevard Vital Bouhot > 92200 NEUILLY/SEINE > 01 47 45 99 92 > 06 10 01 68 11 > > "He who sacrifices functionality for ease of use > loses both and deserves neither." > > - > Forwarded by the Webmin development list at web...@we... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-devel > > -- Philippe BARNETCHE AGISphere 14, Boulevard Vital Bouhot 92200 NEUILLY/SEINE 01 47 45 99 92 06 10 01 68 11 "He who sacrifices functionality for ease of use loses both and deserves neither." |