Feature #4533

open

nfd-status-http-server: run as non-root

Added by Junxiao Shi about 6 years ago. Updated 4 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: Ubuntu-PPA
Start date:
Due date:
% Done: 50%
Estimated time: 2.00 h
Tags:

Description

Currently, nfd-status-http-server is running as root.
It is unsafe to run a web server as root.
This service should use ndn user instead.

Actions #1

Updated by Junxiao Shi about 6 years ago

nfd-status-http-server listens on port 80 by default, which requires root privilege.
One solution is to let the process listen on port 6380.
If necessary, the startup script can redirect port 80 to 6380 with iptables.

Actions #2

Updated by Junxiao Shi about 6 years ago

Workaround when not using port < 1024:

  1. sudo systemctl stop nfd-status-http-server
  2. In /lib/systemd/system/nfd-status-http-server.service, insert User=ndn under [Service].
  3. sudo chown ndn:ndn /var/lib/ndn/nfd-status-http-server
  4. sudo systemctl daemon-reload
  5. sudo systemctl start nfd-status-http-server

Actions #3

Updated by Davide Pesavento about 5 years ago

  • % Done changed from 0 to 50

With https://gerrit.named-data.net/c/NFD/+/5169, nfd-status-http-server runs as "ndn" user and can bind to any port number.

Note that I had to disable user namespacing (PrivateUsers=) because the ambient capabilities are only granted to the process inside the service's user namespace. From the point of view of the host, the process has zero capabilities and there is no way to acquire additional capabilities in the host's namespace.

(setting to 50% done because the .deb package needs to actually switch over to the new service file provided in NFD repo)
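
The constraint described in comment #3, as an added example that is not part of the original issue or of the NFD repository: a POSIX shell check that classifies a unit file by whether it runs as root, runs as non-root without a low-port capability, or combines an ambient bind capability with PrivateUsers=. It assumes the low-port bind is granted with AmbientCapabilities=CAP_NET_BIND_SERVICE and that each key appears once in [Service]; the sample units are constructed.

```shell
#!/bin/sh
# Added example: audit a systemd unit for the settings discussed in this issue.

# Print the value of KEY ($2) from the [Service] section of unit file $1.
# Assumption: each key appears once; systemd list merging is not modelled.
svc_get() {
    awk -F= -v key="$2" '
        /^\[/ { in_svc = ($0 == "[Service]"); next }
        in_svc && $1 == key { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Classify a unit file as: root | nonroot-highport-only | conflict | ok
audit_unit() {
    user=$(svc_get "$1" User)
    private=$(svc_get "$1" PrivateUsers)
    caps=$(svc_get "$1" AmbientCapabilities)
    # No User= (or an explicit root) means the service runs as root.
    case "$user" in ""|root|0) echo root; return ;; esac
    # Non-root without the bind capability can only use ports >= 1024.
    case "$caps" in
        *CAP_NET_BIND_SERVICE*) ;;
        *) echo nonroot-highport-only; return ;;
    esac
    # With PrivateUsers= enabled the capability only exists inside the
    # service's user namespace, so a host port < 1024 cannot be bound.
    # Only the boolean spellings of PrivateUsers= are handled here.
    case "$private" in
        yes|true|on|1) echo conflict ;;
        *) echo ok ;;
    esac
}

# Constructed sample units (not the project's real service file).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '[Service]\nPrivateUsers=yes\n' > "$SAMPLES/root.service"
printf '[Service]\nUser=ndn\n' > "$SAMPLES/highport.service"
printf '[Service]\nUser=ndn\nAmbientCapabilities=CAP_NET_BIND_SERVICE\nPrivateUsers=yes\n' \
    > "$SAMPLES/conflict.service"
printf '[Service]\nUser=ndn\nAmbientCapabilities=CAP_NET_BIND_SERVICE\nPrivateUsers=no\n' \
    > "$SAMPLES/ok.service"

for f in "$SAMPLES"/*.service; do
    printf '%s: %s\n' "${f##*/}" "$(audit_unit "$f")"
done
```

A "conflict" result marks the combination that comment #3 reports as unusable for binding a privileged port.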

Actions #4

Updated by Davide Pesavento about 5 years ago

Now, even with the above change, whether the package should have "--address 0.0.0.0 --port 80" in /etc/default/nfd-status-http-server or something else is a separate question. One argument against 0.0.0.0 is that opening up the server to the whole world by default may not be a very good idea. An argument against port 80 is that it might already be taken by another http server running on the machine.
That being said, I don't have a strong preference on this.

Actions #5

Updated by Davide Pesavento about 5 years ago

  • Status changed from New to In Progress

Actions #6

Updated by Davide Pesavento almost 4 years ago

  • Status changed from In Progress to Feedback

Actions #7

Updated by Davide Pesavento 4 months ago

  • Tags set to systemd