I have configured my first publicly accessible nginx server. I have configured it to use a /tmp/nginx folder to store temp files. This includes the body of http requests, proxy files etc. The /tmp folder is on external partition with nosuid, noexec and nodev privileges. Is this configuration potentially dangerous?
-
Thank you Gilles for editing my topic, my english isn't perfect :) – Galmi Feb 11 '12 at 23:46
2 Answers
The greatest concern is that an attacker can use a temporary directory to store executable code, which is a useful foothold when exploiting your system. Almost always the /tmp has very open privileges, such that any process can write to them (chmod 777). As an example, I took advantage of this property of /tmp when bypassing AppArmor to obtain remote codex execution in PHP-Nuke using a Local File Include vulnerability chained with a MySQL's into outfile. File uploads are also commonly stored in /tmp which in PHP can also turn a LFI vulnerability in to remote code execution.
Regardless of platform there are two permission strategies you must adopt. The rational is that an attacker is going to use your application against you and there for is limited by what the application can do.
The web application must never have write access to any file or folder within the web root or any of the application's executable files. An attacker will use this to introduce a backdoor or to perform drive-by-download attacks on clients.
A web application must never be able to execute code that is not in a file within the application's directory. never use
eval()
, it is often a dirty shortcut and leads to remote code execution. In PHP you can set the open_basedir configuration option such that it can only include files within your application directory. You can also disallow access to eval() and other exploitable php functions using hardened-php.
-
I am planning use PHP on the server side to run Wordpress and other popular and well-protected applications. At the moment I focus on Python / Django and Ruby / RoR on uWSGI. The disadvantage of the use tmp folder for storing sensitive data are certainly too "open" privileges, but do not know which folder to use to store this data. Nginx server is installed in / opt / nginx and do not want to store temporary data in this directory. However I plan to use srv directory to store configuration, pid, socket files etc, and I think there will be a place for temp directory. Is this a good solution? – Galmi Feb 12 '12 at 00:05
-
1@Galmi yeah using another directory, srv, is a good idea. Make sure that Nginx is the only process with access. – rook Feb 12 '12 at 00:36
It may have security implications if other users on the box have access to the box's tmp folder.
If others have access they may read the tmp folder, extract a session id then hijack it.
The tmp folder should be limited to only the webserver.
- 16,119
- 10
- 56
- 97