Messages

Agreed. Thats a ton of work.

Reality is that according to shodan/censys around 30k systems worldwide have their webinterface exposed.
While some people deserve getting hacked I think that reducing the attack surface is a desirable goal for a 'network security solution' like opnsense. :-)

Hi

Due to all the vulnerabilities in $commercial_vendor_appliance lately I am thinking a lot about how we could reduce the attack surface in OpnSense.

One thing that bothers me is the Web Interface.. How can we reduce the harm if someone could exploit a vulnerability in it?
lightttpd runs as root currently so an attacker can do pretty much everything.
- write/modify files (backdooring php files for example)
- start new processes
- create network connections

I believe the harm would be greatly reduced if we would change lighttpd user to a different user that has very limited write permissions (not in webroot for example)

According to the documentation that should be doable:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_usernameDetails

Before I dig too deep into it:
- Did someone already do/try that?
- Is there a reason why lighttpd needs to run as root?
- yes it's not only about lighttpd but also php-cgi .. but let's just start with lighttpd