168client-server forwarding trickery
- Apr 4, 2001I'm trying to solve a security issue with running CGIs as root. I'm
writing an app to remotely manage a linux box, and I'd like to use SOAP.
Problem is, the server needs to run as root (or suid scripts, or in
*some* way have access to root privs) to perform sysadmin functions:
Remote SOAP client <-soap-> Local SOAP server
What I'd like to do, is place another process in-between, which has NO
privileges, and acts as a 'forwarder' between the remote client and the
Remote SOAP client <-soap-> Local 'forwarder' <----> Local SOAP server
This way, the only connection to the outside world is the local
forwarder, and since it has no privs, compromising it would not
compromise the box (i.e., buffer overflow drops you into a 'nobody'
shell, instead of a 'root' shell).
I have the first example working beautifully, with several transports.
My question: Is there an easy way to code a SOAP::Lite 'client/server'
that can sit between a client and a server, and just forward requests
(and results) back and forth?
- Next post in topic >>