Loading ...
Sorry, an error occurred while loading the content.

168client-server forwarding trickery

Expand Messages
  • Brutsch, Michael
    Apr 4, 2001
    • 0 Attachment
      I'm trying to solve a security issue with running CGIs as root. I'm
      writing an app to remotely manage a linux box, and I'd like to use SOAP.
      Problem is, the server needs to run as root (or suid scripts, or in
      *some* way have access to root privs) to perform sysadmin functions:

      Remote SOAP client <-soap-> Local SOAP server

      What I'd like to do, is place another process in-between, which has NO
      privileges, and acts as a 'forwarder' between the remote client and the
      privileged server:

      Remote SOAP client <-soap-> Local 'forwarder' <----> Local SOAP server

      This way, the only connection to the outside world is the local
      forwarder, and since it has no privs, compromising it would not
      compromise the box (i.e., buffer overflow drops you into a 'nobody'
      shell, instead of a 'root' shell).

      I have the first example working beautifully, with several transports.

      My question: Is there an easy way to code a SOAP::Lite 'client/server'
      that can sit between a client and a server, and just forward requests
      (and results) back and forth?
    • Show all 9 messages in this topic