Running WWW Services As Root: Not a Good Idea
Fri, 12 Feb 2010 22:42:58 +0000
Recently I've registered an account on twitterfeed.com site that forwards blog RSS-es to Twitter and Facebook accounts. Headers of incoming mail attracted my attention:
Return-Path: root@mentiaa1.memset.net (...) Received: from mentiaa1.memset.net (mentiaa1.memset.net [89.200.137.108]) by mx.google.com with ESMTP id 11si7984998ywh.80.2010.02.12.06.24.18; (...) Received: (from root@localhost) by mentiaa1.memset.net (8.13.8/8.13.8/Submit) id o1CERcGq004355; (...) From: noreply@twitterfeed.com (...)
Interesting parts are bolded out. As you can see registering e-mail was sent from root account. Probably the same user id is used for WWW application. That means if you break the WWW application you can gain control over whole server.
The preferred way to implement WWW services is to use account that has low privileges (www-data in Debian) because breaking the service will not threat whole server.
