Hi
Due to all the vulnerabilities in $commercial_vendor_appliance lately I am thinking a lot about how we could reduce the attack surface in OpnSense.
One thing that bothers me is the Web Interface.. How can we reduce the harm if someone could exploit a vulnerability in it?
lighttpd runs as root currently so an attacker can do pretty much everything.
- write/modify files (backdooring php files for example)
- start new processes
- create network connections
I believe the harm would be greatly reduced if we changed the lighttpd user to a different user that has very limited write permissions (not in the webroot for example).
According to the documentation that should be doable:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_usernameDetails
Before I dig too deep into it:
- Did someone already do/try that?
- Is there a reason why lighttpd needs to run as root?
- yes it's not only about lighttpd but also php-cgi .. but let's just start with lighttpd
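As an added illustration of the server.username change being asked about (not the poster's or OPNsense's own configuration), the relevant lighttpd.conf fragments before and after the privilege drop; the account name "www" and the document root path are assumptions:

```lighttpd
## Added example, not the poster's or OPNsense's configuration.
## Assumed names: user/group "www", document root /usr/local/www.

## BEFORE: without server.username/server.groupname the worker keeps
## the uid it was started with (root) for its whole lifetime, so any
## bug in the web interface runs with full root privileges.
server.port          = 443
server.document-root = "/usr/local/www"

## AFTER: lighttpd still starts as root, binds its listen socket on
## the privileged port 443 and opens its log files, then drops to the
## account below (setgid/setuid) before it serves the first request.
server.port          = 443
server.document-root = "/usr/local/www"
server.username      = "www"
server.groupname     = "www"

## The "www" account should own nothing under the document root:
## keep the PHP files root-owned and not group/world writable, so a
## compromised worker cannot rewrite them (the "backdooring php
## files" case from the post). For example, as root:
##   chown -R root:wheel /usr/local/www && chmod -R go-w /usr/local/www
```

After a restart, `ps -o user,command -C lighttpd` (or `ps aux | grep lighttpd` on FreeBSD) should show the worker as "www"; php-cgi is the separate question the post sets aside.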