[Twisted-Python] automating startup of twistd application.
I have a twistd daemon that runs a custom application (.tap). When starting up the daemon I have to enter the root password and a passphrase for SSL interactively from the console (the app runs a twisted web server for HTTP and HTTPS). Because I want to do some automatic maintenace tasks I need to be able to start and stop the daemon from a script. Unfortunately I have little knowledge of Linux and the twistd daemon/application and need some input on how to attack this problem.
On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:
I have a twistd daemon that runs a custom application (.tap). When starting up the daemon I have to enter the root password and a passphrase for SSL interactively from the console (the app runs a twisted web server for HTTP and HTTPS).
Because I want to do some automatic maintenace tasks I need to be able to start and stop the daemon from a script. Unfortunately I have little knowledge of Linux and the twistd daemon/application and need some input on how to attack this problem.
Requiring the passphrase to decrypt the SSL certificate is a measure of security. It makes it more difficult for attackers to trick your users into thinking the attacker is you, by rendering the certificate useless in the absense of the passphrase. If the passphrase is sitting in a plaintext file somewhere, waiting to be used by the script that restarts your daemon, this security is negated - attackers need now only read the script in addition to copying the certificate. If the passphrase is stored encrypted, then this could be avoided, but then you would have to type in a passphrase to decrypt that. Of course, you could store that passphrase in a file.... Hopefully you see where this is leading. Choose security or convenience here (there is a third alternative - come up with a new system that is both secure and convenient). If you want security, you can't automate this process; if you want convenience, you may as well store the certificate plaintext, because you're buying little by encrypting it and leaving a passphrase lying around for anyone to use. Lateral thinking may produce an acceptable solution - for example, wrap the twistd restarter in a native setuid root executable, store the certificate plaintext and readable only as root. (Still if the filesystem is stolen, the certificate has been compromised. But an encrypted filesystem alleviates this problem.) Hope this helps, Jp
Jp Calderone
On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:
Because I want to do some automatic maintenace tasks I need to be able to start and stop the daemon from a script. Unfortunately I have little knowledge of Linux and the twistd daemon/application and need some input on how to attack this problem.
Requiring the passphrase to decrypt the SSL certificate is a measure of security. It makes it more difficult for attackers to trick your users into thinking the attacker is you, by rendering the certificate useless in the absense of the passphrase. If the passphrase is sitting in a plaintext file somewhere, waiting to be used by the script that restarts your daemon, this security is negated - attackers need now only read the script in addition to copying the certificate. If the passphrase is stored encrypted, then this could be avoided, but then you would have to type in a passphrase to decrypt that. Of course, you could store that passphrase in a file.... Hopefully you see where this is leading.
Yes, I think that I am throughly hosed anyway if someone gets access to the filesystem on the machine in question.
Hope this helps,
Yes, thanks. The security aspects of it is certainly interesting and important. Where should I look to find out how to automate startup of the twistd daemon so that it doesn't prompt for the root password? -- Syver Enstad
On Jan 2, 2004, at 6:00 PM, Syver Enstad wrote:
Jp Calderone
writes: On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:
Because I want to do some automatic maintenace tasks I need to be able to start and stop the daemon from a script. Unfortunately I have little knowledge of Linux and the twistd daemon/application and need some input on how to attack this problem.
Yes, thanks. The security aspects of it is certainly interesting and important. Where should I look to find out how to automate startup of the twistd daemon so that it doesn't prompt for the root password?
Typically the way that one does this is to start a daemon as root via one of the following "startup phase" options: crontab (a @reboot directive), an init.d (sometimes called rc.d or rc) script, a "StartupItem bundle" on OS X, etc. These don't need the root password to run once installed because they are executed as root during the normal startup phase of the computer. -bob
participants (4)
-
Bob Ippolito
-
Jp Calderone
-
Syver Enstad
-
Syver Enstad