Mongodb is a web-based console to try out Mongodb.
I have created something similar to try out nodejs. In nodejs I am accepting user input and then I am performing eval on that command. Given the power of nodejs, someone from the web console can create a file, delete files on the system or could execute rm -rf.
I was wondering if it would be okay to run nodejs as a user called node. This user node will not have any privilege to write anything, create anything or update anything. The only access this user will have is read access.
Will that work, or is that too much of a risk? What is a good strategy to handle such a situation?
Hrm, the problem is that if the user has access to files they own, they could probably just as easily set permissions to something editable. Remember, if you're giving users access to shell commands, you've already opened yourself up to a whole suite of problems. That's generally a bad idea.
Even if the user doesn't own any files and just existed to run your application, you're opening yourself up to things such as full temporary directories and mail spools.
Is there any way to run the V8 engine in a restricted environment? Disallow all IO? I'd personally look for a method such as that.
From McJeff
Running as a less privileged user can help. For an extra level of paranoia you could run the service within a minimal chroot jail, optionally within a loopback-mounted disk image to limit disk space usage; the user cannot run programs or fill disk space if they cannot be accessed. Put exactly and only the files and free space they will need on that file system. They will not be able to access anything else. As an extra benefit you can just use a single cp command to either back up or restore the state of the image. Also consider using nice and ulimit to control usage of other resources.
From Justin Smith
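As an added example that is not part of either answer: the ulimit and nice wrapping that Justin Smith's answer mentions, as a POSIX sh function that runs as an ordinary user. The dedicated node user, the minimal chroot and the loopback-mounted image are assumed to be set up separately by root and are not created here; the function name, JAIL and /srv/console.js are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original answers: wrap a process in the
# resource limits (ulimit) and lower scheduling priority (nice) the second
# answer suggests. The "node" user, the chroot jail and the loopback image
# are assumed to exist already; only the unprivileged part runs here.

# run_limited CMD [MAX_FILE] [MAX_CPU_SEC]
#   CMD          command string run via sh -c
#   MAX_FILE     largest file the child may write, in ulimit -f units
#                (1024-byte blocks in bash, 512-byte blocks in dash)
#   MAX_CPU_SEC  CPU seconds before the kernel sends SIGXCPU
# The limits are set in a subshell so the caller's shell is unaffected, and
# without -S both soft and hard limits drop: the child cannot raise them.
run_limited() {
  cmd=$1
  max_file=${2:-1024}
  max_cpu_sec=${3:-5}
  (
    ulimit -f "$max_file" || exit 1
    ulimit -t "$max_cpu_sec" || exit 1
    # Replace the subshell with the niced command so its exit status is returned.
    exec nice -n 10 sh -c "$cmd"
  )
}

# Root-only step from the answer, shown but not run here: start the console
# from inside a jail holding just node, its libraries and the app's files.
# JAIL and /srv/console.js are placeholders.
#   run_limited "chroot --userspec=node:node \"$JAIL\" /usr/bin/node /srv/console.js" 4096 60
```

A write that crosses the -f cap gets SIGXFSZ and the command exits non-zero, so a runaway snippet cannot fill the disk even inside the jail; the -t cap ends a busy loop the same way with SIGXCPU. Memory limits (ulimit -v) can be added in the same subshell where the shell supports them.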