  1. #1

    Security and CPs

    I have noticed that webCP runs as a daemon. . . is there a particular reason why a control panel runs as a daemon? Is there a security involved with developing a control panel in that fashion?

    Wouldn't it be possible to run a control panel on a port available for most firewalls yet running on Apache with SSL on that port? What ports are available on most firewalls anyway?

  2. #2

    Re: Security and CPs

    Originally posted by Xanthis
    I have noticed that webCP runs as a daemon. . . is there a particular reason why a control panel runs as a daemon? Is there a security involved with developing a control panel in that fashion?

    Wouldn't it be possible to run a control panel on a port available for most firewalls yet running on Apache with SSL on that port? What ports are available on most firewalls anyway?

    I'm not sure I understand the question.

    1.) I don't think a daemon gives you any more security. If anything, if it's running as root (or can suexec to root somehow) it's most likely going to be less secure. (It will have its own set of exploits).

    2.) Why does a control panel have to listen on a port other than 443?

    3.) SSL might give you transport level security, but I think most attacks don't target the transport -- they target what happens at the endpoints of the connection.

    4.) An admin can define what he wants open in a firewall. A well built firewall wouldn't have any 'default' ports (aside from maybe 80) -- as this would clearly add to the amount of 'default exploits' that a firewall would make available 'out of the box'.

    Dan
    Dan Esparza
    CagedTornado web services

  3. #3
    Actually you have answered my question.

    Though I've heard that Plesk runs on a port that is usually not accessible behind a firewall. I cannot recall what port it is running on, but is there a port where a CP can be installed and customers are able to access it even behind a firewall?

    The plan is to install the CP on a port that is accessible by most firewalls though I'm not sure what ports are available that most firewalls will allow a user access to.

  4. #4
    1.) I don't think a daemon gives you any more security. If anything, if it's running as root (or can suexec to root somehow) it's most likely going to be less secure. (It will have its own set of exploits).

    I don't see it as "more" of a security risk, that depends on how it's coded. Unfortunately there are only two ways for a control panel to use some functions: Suexec or SUDO. There are other options, but they have been proven to be LESS secure.

    And BTW, any control panel running as root, now that's a security problem.
    A well-reasoned assumption is very close to fact.
    - Adorno

  5. #5
    Originally posted by comphosting
    And BTW, any control panel running as root, now that's a security problem.
    You don't think it's appropriate for a control panel to perform any root-level tasks on a server?
    Matt Lightner - http://www.mattlightner.com/
    - First initial to the last name at the mail service provided by the world's largest search engine
    - Founder and CEO (Former) Site5.com, sold in 2008
    - Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance

  6. #6
    I'm a big fan of webcp, and I think I know it fairly well. The daemon does run as root. However, it doesn't listen to any ports and doesn't directly interface with anything else but a MySQL DB and a file.
    The daemon itself doesn't display the webpages, a separate version of apache does that. Powered by a PHP back/front-end it writes/reads to a MySQL DB and sets the file so the daemon knows it needs to search the DB for updates. By making sure only the separate version of apache and webcpd can write/read to the file, you increase security.

    I hope this was of any help

  7. #7
    Originally posted by Gyrbo
    I'm a big fan of webcp, and I think I know it fairly well. The daemon does run as root. However, it doesn't listen to any ports and doesn't directly interface with anything else but a MySQL DB and a file.
    I am in no way familiar with WebCP, but wouldn't that prevent customers trying to perform a particular action from getting a real-time response to their request? When the daemon goes to process the update and perform whatever task it is going to perform and it encounters an error, how is that error relayed back to the web interface? I assume that it isn't... or perhaps I just don't understand exactly how WebCP works (probably more likely).
    Matt Lightner - http://www.mattlightner.com/
    - First initial to the last name at the mail service provided by the world's largest search engine
    - Founder and CEO (Former) Site5.com, sold in 2008
    - Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance

  8. #8
    The checking is first done by the front end. Most errors are being handled by that. Any errors produced by the daemon are never shown to the client. I however have never seen the daemon produce errors that could've been of any interest to the user.

  9. #9
    I see. That seems logical enough. One other thing that seems awkward is the fact that the changes are not actually made in real-time, but instead with a delay of however long the daemon takes to implement the changes. It may be checking the mySQL database very often, but even so, if it were me, I would like things to be done in real-time so I know when they have completed.
    Matt Lightner - http://www.mattlightner.com/
    - First initial to the last name at the mail service provided by the world's largest search engine
    - Founder and CEO (Former) Site5.com, sold in 2008
    - Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance

  10. #10
    FYI:
    - apache is running on another port to be on a dedicated user. That way files are not publicly readable and not publicly accessible by all users on that server

    - the webcp.php daemon checks for a flag every second, and when that flag is found it will scan the databases, make appropriate changes to the system and restart the services that are needed. Therefore it is actually faster that way because you don't have to wait for all that to happen before doing more changes.

    To be even more secure, we could arrange webcp to use SUDO with access to only the files that are needed. But that can be quite a lot, as it includes all web files, all config files.

    Right now, we are not aware of any possible remote exploit to get root or any kind of shells.

    As far as I am concerned, when you code secure it stays secure. It's all in the design and not in the buzz-words
    Félix C.Courtemanche · [email protected]
    Can-Host Networks · http://www.can-host.com
    web«cp Control Panel · http://webcp.can-host.com
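
The split described in posts #6, #8 and #10 (an unprivileged front end that queues requests and raises a flag, and a root daemon that polls the flag and applies the changes), as an added example that is not webCP's code or any poster's. It assumes `sqlite3` in place of MySQL, and the table, action names and flag path are hypothetical; the point it shows is the daemon checking the flag file's permissions and re-validating every queued row, because the queue is written by the web-facing side.

```python
import os, re, sqlite3, stat, tempfile

ACTIONS = {"add_domain", "del_domain"}  # hypothetical action names
DOMAIN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def enqueue(db, flag, action, domain):
    """Front end (unprivileged user): store the request, then raise the flag."""
    db.execute("INSERT INTO queue(action, domain, status) VALUES (?, ?, 'pending')",
               (action, domain))
    db.commit()
    os.close(os.open(flag, os.O_WRONLY | os.O_CREAT, 0o660))

def flag_ok(flag):
    """Accept only a regular file (no symlink) that is not world-writable."""
    st = os.lstat(flag)
    return stat.S_ISREG(st.st_mode) and not st.st_mode & stat.S_IWOTH

def process_queue(db, flag, apply):
    """Daemon (privileged): one polling pass; returns (applied, rejected)."""
    if not os.path.lexists(flag) or not flag_ok(flag):
        return (0, 0)  # nothing to do, or flag permissions need investigating
    os.unlink(flag)  # clear first, so a request arriving mid-pass raises it again
    applied = rejected = 0
    rows = db.execute("SELECT id, action, domain FROM queue "
                      "WHERE status = 'pending'").fetchall()
    for rid, action, domain in rows:
        # The row came from the web-facing side: validate again before acting.
        if action in ACTIONS and DOMAIN.fullmatch(domain):
            apply(action, domain)
            status, applied = "done", applied + 1
        else:
            status, rejected = "rejected", rejected + 1
        db.execute("UPDATE queue SET status = ? WHERE id = ?", (status, rid))
    db.commit()
    return (applied, rejected)

def demo():
    """Constructed run: one valid request, one row the front end should never write."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE queue(id INTEGER PRIMARY KEY, action, domain, status)")
    flag = os.path.join(tempfile.mkdtemp(), "webcp.flag")
    changes = []  # stands in for the root-level change
    enqueue(db, flag, "add_domain", "example.com")
    enqueue(db, flag, "add_domain", "example.com; extra")
    first = process_queue(db, flag, lambda a, d: changes.append((a, d)))
    second = process_queue(db, flag, changes.append)  # flag cleared: no work
    return first, second, changes

if __name__ == "__main__":
    print(demo())
```

Rejected rows stay in the table with status `rejected`, which gives the operator a record that the front end wrote something it should not have.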
