Chapter 14. Bulletproofing Servers

In Chapter 10 we developed subroutines that perform some of the startup time tasks that are common among production servers in the UNIX environment, including disconnecting from the controlling terminal, autobackgrounding, and writing a copy of the server's PID to a run-time file. Together, these help to make network servers more manageable.

Because of their position as a gateway to entry to the host, network daemons are particularly prone to opening security holes. There is much more that we can do to make network daemons bullet-proof. In addition to the techniques already discussed, a production server often implements one or more of the following useful features:

- Log status messages to the system error log.
- Change its UID to that of an unprivileged user.
- Activate taint checking.
- Use the chroot() call to isolate itself in a safe subdirectory.
- Handle the HUP signal by reinitializing itself.

We cover these techniques in this chapter and talk more generally about security problems with network daemons and how to avoid introducing them into your scripts. Most of the techniques discussed here are UNIX-specific. However, users of the Windows and Macintosh ports should read the subsection Direct Logging to a File in the first part of this chapter and the Taint Mode section, which discusses security issues that are common to all platforms.
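
As an added illustration of the features listed above (not code from the chapter), this example shows one order in which a daemon started as root can apply them. It assumes Perl as the scripting language; the account `nobody`, the jail `/var/empty` and the syslog ident `exampled` are constructed values.

```perl
#!/usr/bin/perl -T
# Added example (not the chapter's code). Start as root; the account name,
# jail path and syslog ident below are constructed values.
use strict;
use warnings;
use POSIX ();
use Sys::Syslog qw(openlog syslog);

my $USER = 'nobody';        # assumption: an existing unprivileged account
my $JAIL = '/var/empty';    # assumption: an empty, root-owned directory

# Taint mode (-T) refuses to run external commands with an inherited PATH.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

sub harden {
    my ($user, $jail) = @_;
    # Resolve the account first: /etc/passwd is not visible after chroot().
    my ($uid, $gid) = (getpwnam($user))[2, 3];
    die "unknown user $user\n" unless defined $uid;
    die "refusing to run as uid 0\n" if $uid == 0;

    # Connect to syslog now (ndelay); /dev/log is outside the jail.
    openlog('exampled', 'pid,ndelay', 'daemon');

    # chroot() needs root, so it comes before the privilege drop.
    chroot($jail) or die "chroot $jail: $!\n";
    chdir('/')    or die "chdir /: $!\n";

    # Groups before user: once the UID is gone, the GID can't be changed.
    $) = "$gid $gid";       # effective GID plus a one-entry supplementary list
    POSIX::setgid($gid) or die "setgid $gid: $!\n";
    POSIX::setuid($uid) or die "setuid $uid: $!\n";

    # Verify the drop is permanent: regaining root must fail.
    die "privilege drop failed\n"
        if $< != $uid || $> != $uid || POSIX::setuid(0);
    syslog('info', 'running as uid %d in %s', $uid, $jail);
}

my $reload = 0;
$SIG{HUP} = sub { $reload = 1 };    # only set a flag inside the handler

harden($USER, $JAIL);
while (1) {
    sleep 5;                        # stand-in for the server's accept loop
    next unless $reload;
    $reload = 0;
    syslog('notice', 'HUP received, reinitializing');
}
```

Any module the server needs must be loaded before `chroot()`, because Perl's library directories are not reachable from inside the jail.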