FreePBX Firewall Thread! (2nd Post has status)

It provides an abstracted database and signature verification layer, basically. We’ve had a good chat about this on IRC, but the PROBLEM that it does its best to solve is this:

  1. I am webuser.
  • I can only write files as webuser.
  • These files want to do stuff as root, and should be allowed to do so.
  • But if an attacker is in as webuser, they should NOT be able to do stuff as root.

There’s a big chunk of privilege checking code in it, as well as a secondary db abstraction layer, and multiple integrity checks of itself, too. A reasonable chunk of it has been reimplemented in the validation class in hooks, but I got to a chicken-and-the-egg situation where it got too hard.

I have a list of stuff on my plate, and I do want to get to it, but it’s not going to be in the near future – this month, for example, is totally used up with Astricon and FreePBX DevCon in Wisconsin. Then when I get back here, I’ve got a bunch of core infrastructure stuff to work on (not much freepbx dev work time, unfortunately) which gets most of November and the beginning of December used up.

That’s why I’ve got ‘probably not this year’ in the 2nd post. I don’t want to get anyone’s hopes up.

Edit: To address the obvious ‘Why don’t you just use sudo’ question:

OK, so I want to run a command as root. If you were allowed to ‘sudo /var/www/html/admin/modules/firewall/hooks/command’, for example, you have immediately given webuser permission to run any command as root.

This is because from ‘/var/www/html/’ down, webuser can write to that directory. Even if you locked the permissions down of the ‘hooks’ directory, somehow, what’s stopping me, as webuser, from doing this:

cd /var/www/html/admin/modules/
mv firewall firewall.pwned
mkdir -p firewall/hooks
echo 'cp /bin/bash /tmp/bash && chmod 4755 /tmp/bash' > firewall/hooks/command1
chmod 755 firewall/hooks/command1
sudo firewall/hooks/command1

That’s a really basic example of why I can’t do that. Anyone who uses sudo to run a file that could potentially be changed by a non-root user - any non-root user - has created a gaping security hole like the one above.

~~Maths~~ Security is hard. Let’s go shopping!
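An added example, not from the post or the FreePBX project: a small Python audit that walks every path component from `/` down to the file a sudo rule would point at and flags the ones a non-root user could modify, which is exactly the condition the post describes. The directory tree it builds is a constructed stand-in for a web-user-writable docroot; the function and file names are assumptions.

```python
import os
import stat
import tempfile

def untrusted_components(target):
    """Return [(path, reason)] for every component from / down to `target`
    that a non-root user could change: owned by a non-root uid, or writable
    by group/other. One hit is enough: that component, and everything below
    it, can be renamed or replaced, so a sudo rule naming `target` is really
    'run whatever the non-root user wants as root'. Symlinks are resolved
    first because sudo executes what the link finally points at."""
    path = os.path.realpath(target)
    prefixes = []
    while True:
        prefixes.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    findings = []
    for p in reversed(prefixes):          # check from / downwards
        st = os.lstat(p)
        if st.st_uid != 0:
            findings.append((p, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Conservative: group-writable with gid 0 and sticky dirs are
            # also flagged; review those by hand rather than trust them.
            findings.append((p, "group/other writable, mode %o"
                             % stat.S_IMODE(st.st_mode)))
    return findings

def demo_web_writable_tree():
    """Constructed stand-in for the post's layout: a docroot the web user can
    write to, containing admin/modules/firewall/hooks/command. Returns the
    hook path and the findings the audit raises for it."""
    docroot = tempfile.mkdtemp()
    hook = os.path.join(docroot, "admin", "modules", "firewall", "hooks", "command")
    os.makedirs(os.path.dirname(hook))
    with open(hook, "w") as f:
        f.write("#!/bin/sh\necho hook\n")
    os.chmod(hook, 0o755)
    os.chmod(os.path.join(docroot, "admin"), 0o777)   # webuser-writable dir
    return hook, untrusted_components(hook)

if __name__ == "__main__":
    hook, findings = demo_web_writable_tree()
    print("sudo target:", hook)
    for p, why in findings:
        print("  UNSAFE", p, "-", why)
    print("/bin/sh:", untrusted_components("/bin/sh") or "clean")
```

Run it against the real path in a sudoers entry (for example the hook path from the post) on a live box; an empty list is the only acceptable result for anything sudo is allowed to execute.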