root / pykota / trunk / SECURITY @ 992

Revision 992, 4.5 kB (checked in by jalet, 21 years ago)

Safer CGI configuration.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
# $Id$

PyKota - Print Quota for CUPS and LPRng

(c) 2003 Jerome Alet <alet@librelogiciel.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

====================================================================

  These recommendations are here because, as of April 28th 2003,
  PyKota doesn't enforce them. You may or may not follow them,
  depending on your users' IT knowledge, how much you trust them,
  etc.

====================================================================

How to improve PyKota's security:
---------------------------------

  - Ensure that only the user your printing system runs as can
    execute the pykota filter. Depending on your system's configuration,
    this may look something like:

      $ chown lp:daemon /usr/bin/pykota
      $ chmod 700 /usr/bin/pykota

    If any user could run the pykota filter, then he could theoretically
    prevent any other user from printing by incorrectly charging them for
    pages they never printed.

  - Ensure that only the print quota administrator (e.g. root) can
    execute the edpykota and warnpykota commands. Depending on your
    system's configuration, this may look something like:

      $ chown root:root /usr/bin/edpykota /usr/bin/warnpykota
      $ chmod 700 /usr/bin/edpykota /usr/bin/warnpykota

    or

      $ chown root:lpadmin /usr/bin/edpykota /usr/bin/warnpykota
      $ chmod 750 /usr/bin/edpykota /usr/bin/warnpykota

    If any user could run warnpykota, then he could fill the mailboxes
    of all users who are above quota by repeatedly running warnpykota.

    If any user could run edpykota, then he could, in the best case,
    set his account to noquota mode. In the worst case he could render
    PyKota and/or your printing system completely inoperative.

  - Ensure that no regular user can read PyKota's configuration file,
    but that both the print quota administrator and the user the
    printing system runs as can read it. Depending on your system's
    configuration, this may look something like:

      $ chown lp:lpadmin /etc/pykota.conf
      $ chmod 640 /etc/pykota.conf

    If the print quota administrator is root then he will always be
    able to read PyKota's configuration file.

    Letting any user read PyKota's configuration file may expose
    passwords or database information which would allow direct
    connections to the database if the user can write and execute his
    own scripts or download and execute his own version of PyKota.

    NB: If you use the printquota.cgi CGI script, ensure that
        the user this script runs as (e.g. nobody or www-data)
        can read PyKota's configuration file too, for example
        by putting www-data in the lpadmin group.
        WARNING: putting www-data in the lpadmin group so that
        the CGI script can read the /etc/pykota.conf file is
        dangerous. If any user can create CGI scripts that run
        as www-data, then he could steal a copy of the /etc/pykota.conf
        file and learn the database and database users' names and passwords.
        The best solution is probably to create a pykota system
        account and run the CGI script as this user using Apache's suEXEC
        facility. Refer to Apache's documentation for details.

  - Secure your database connection:

    Depending on the database backend used (currently only PostgreSQL
    is supported), you may have to take additional measures to make
    your database more secure. Please refer to your database system's
    documentation on configuration to learn how to do so. This is out
    of the scope of the present document.

    Keep in mind that if you use a centralized database, you may have
    to restrict which hosts can access it (i.e. the Print Servers).


====================================================================
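
An audit of the file modes recommended above, as an added example that is not part of PyKota. It checks permission bits only (not ownership), and the optional root-prefix argument is an assumption added so the check can be run against a staging tree.

```shell
#!/bin/sh
# Added example, not PyKota code. File paths are the ones named in the
# SECURITY text; the function names and ROOT argument are hypothetical.

# perm_string PATH -> prints the nine permission characters, e.g. rwxr-x---
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# check_perms PATH PATTERN -> 0 if the permission string matches PATTERN
# (a shell glob over the nine characters), 1 if too loose, 2 if missing.
check_perms() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    perms=$(perm_string "$1")
    case "$perms" in
        $2) echo "OK      $1 ($perms)"; return 0 ;;
        *)  echo "WEAK    $1 ($perms, allowed $2)"; return 1 ;;
    esac
}

# audit_pykota [ROOT] -> 0 only if every file passes.
audit_pykota() {
    root=${1:-}
    rc=0
    # Filter: owner only, as with chmod 700.
    check_perms "$root/usr/bin/pykota" '???------' || rc=1
    # Admin tools: 700 or 750, so group may read/execute, others nothing.
    for f in edpykota warnpykota; do
        check_perms "$root/usr/bin/$f" '???[r-]-[x-]---' || rc=1
    done
    # Configuration file: at most group-readable (640), others nothing.
    check_perms "$root/etc/pykota.conf" '???[r-]-----' || rc=1
    return $rc
}

# Usage: audit_pykota            (live system)
#        audit_pykota /staging   (tree rooted elsewhere)
```

A non-zero return from audit_pykota means at least one file is missing or more permissive than the modes listed in this document.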