i have webserver spawn latex interpreter (written in python). interpreter lives inside chroot jail made using jailkit has started root.
i don't want server run root , can't setuid bash script. write setuid c program calls script i'm pretty sure leads big security holes.
the best have come far running separate webserver root sole job spawning interpreter processes.
what right way this?
your best bet create small script set environment , calls latex interpreter , make script suid root.
this best because:
- the least amount of time spent root
- just single script needs suid
- small script == smaller chance wrong
- bash pretty safe use root while running whole web server not.
Comments
Post a Comment