4

My web server is chrooted into /var/www, and its contents are available over the network.

One of my web applications needs access to a Unix socket, and so that socket needs to be somewhere in /var/www to be accessible by the server.

Does it pose any security risk to create the socket in a web-accessible directory?

ssh2ksh

1 Answer

1

Well, further analysis with more data may be needed, but at first sight it seems that the only problem you may have is a malicious user exploiting the program behind the socket, gaining the same privileges as the program, and possibly gaining root access depending on the environment.

Apart from this I can't see any other problem. But consider doing this exercise:

  1. Has the software been properly tested and audited regarding security topics?
  2. Can your program damage any other process if it gets hacked?
  3. How much access do you concede a user if your program gets hacked?
  4. Is there any critical information in the same user space?
  5. Is there any other, less risky way to launch the program that attends the socket? Is it worth it?
kiBytes
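
An added example, not part of the answer above: a Python check for who can reach the program behind a socket placed under the web root, assuming Linux semantics, where connecting to a pathname socket requires write permission on the socket file. The name `audit_socket` and the temporary socket used in `demo` are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_socket(sock_path):
    """Return a list of findings for a Unix socket file (empty list = none)."""
    findings = []
    st = os.lstat(sock_path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{sock_path}: not a socket"]
    # Assumption: Linux, where connect() needs write permission on the socket.
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket is world-writable: any local user can connect")
    parent = os.stat(os.path.dirname(os.path.abspath(sock_path)))
    # A world-writable parent lets other users unlink the socket and bind their own.
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")
    return findings


def demo():
    """Audit a constructed socket with mode 0666, then again with mode 0660."""
    with tempfile.TemporaryDirectory() as root:  # created with mode 0700
        path = os.path.join(root, "a.sock")      # constructed sample socket
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            srv.bind(path)
            os.chmod(path, 0o666)   # weak: every local user may connect
            weak = audit_socket(path)
            os.chmod(path, 0o660)   # hardened: owner and group only
            hardened = audit_socket(path)
        finally:
            srv.close()
        return weak, hardened


if __name__ == "__main__":
    weak, hardened = demo()
    print("0666:", weak)
    print("0660:", hardened)
```

With mode 0660 and the web server's user in the socket's group, only the server and the owning service can connect, which bounds the access discussed in point 3 of the list.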