BugsSite/docs/html/security-os.html - WebKit - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >Operating System</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
 REL="HOME"
 TITLE="The Bugzilla Guide - 2.20.1
     Release"
 HREF="index.html"><LINK
 REL="UP"
 TITLE="Bugzilla Security"
 HREF="security.html"><LINK
 REL="PREVIOUS"
 TITLE="Bugzilla Security"
 HREF="security.html"><LINK
 REL="NEXT"
 TITLE="MySQL"
 HREF="security-mysql.html"></HEAD
 ><BODY
 CLASS="section"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >The Bugzilla Guide - 2.20.1
     Release</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="security.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 >Chapter 4. Bugzilla Security</TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="security-mysql.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="section"
 ><H1
 CLASS="section"
 ><A
 NAME="security-os"
 >4.1. Operating System</A
 ></H1
 ><DIV
 CLASS="section"
 ><H2
 CLASS="section"
 ><A
 NAME="security-os-ports"
 >4.1.1. TCP/IP Ports</A
 ></H2
 ><P
 >The TCP/IP standard defines more than 65,000 ports for sending
       and receiving traffic. Of those, Bugzilla needs exactly one to operate
       (different configurations and options may require up to 3). You should
       audit your server and make sure that you aren't listening on any ports
       you don't need to be. It's also highly recommended that the server
       Bugzilla resides on, along with any other machines you administer, be
       placed behind some kind of firewall.
       </P
 ></DIV
 ><DIV
 CLASS="section"
 ><H2
 CLASS="section"
 ><A
 NAME="security-os-accounts"
 >4.1.2. System User Accounts</A
 ></H2
 ><P
 >Many <A
 HREF="glossary.html#gloss-daemon"
 ><I
 CLASS="glossterm"
 >daemons</I
 ></A
 >, such
       as Apache's <TT
 CLASS="filename"
 >httpd</TT
 > or MySQL's
       <TT
 CLASS="filename"
 >mysqld</TT
 >, run as either <SPAN
 CLASS="QUOTE"
 >"root"</SPAN
 > or
       <SPAN
 CLASS="QUOTE"
 >"nobody"</SPAN
 >. This is even worse on Windows machines where the
       majority of <A
 HREF="glossary.html#gloss-service"
 ><I
 CLASS="glossterm"
 >services</I
 ></A
 >
       run as <SPAN
 CLASS="QUOTE"
 >"SYSTEM"</SPAN
 >. While running as <SPAN
 CLASS="QUOTE"
 >"root"</SPAN
 > or
       <SPAN
 CLASS="QUOTE"
 >"SYSTEM"</SPAN
 > introduces obvious security concerns, the
       problems introduced by running everything as <SPAN
 CLASS="QUOTE"
 >"nobody"</SPAN
 > may
       not be so obvious. Basically, if you run every daemon as
       <SPAN
 CLASS="QUOTE"
 >"nobody"</SPAN
 > and one of them gets comprimised it can
       comprimise every other daemon running as <SPAN
 CLASS="QUOTE"
 >"nobody"</SPAN
 > on your
       machine. For this reason, it is recommended that you create a user
       account for each daemon.
       </P
 ><DIV
 CLASS="note"
 ><P
 ></P
 ><TABLE
 CLASS="note"
 WIDTH="100%"
 BORDER="0"
 ><TR
 ><TD
 WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
 SRC="../images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
 ALIGN="LEFT"
 VALIGN="TOP"
 ><P
 >You will need to set the <VAR
 CLASS="option"
 >webservergroup</VAR
 > option
         in <TT
 CLASS="filename"
 >localconfig</TT
 > to the group your webserver runs
         as. This will allow <TT
 CLASS="filename"
 >./checksetup.pl</TT
 > to set file
         permissions on Unix systems so that nothing is world-writable.
         </P
 ></TD
 ></TR
 ></TABLE
 ></DIV
 ></DIV
 ><DIV
 CLASS="section"
 ><H2
 CLASS="section"
 ><A
 NAME="security-os-chroot"
 >4.1.3. The <TT
 CLASS="filename"
 >chroot</TT
 > Jail</A
 ></H2
 ><P
 >&#13;        If your system supports it, you may wish to consider running
         Bugzilla inside of a <TT
 CLASS="filename"
 >chroot</TT
 > jail. This option
         provides unprecedented security by restricting anything running
         inside the jail from accessing any information outside of it. If you
         wish to use this option, please consult the documentation that came
         with your system.
       </P
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="security.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="index.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="security-mysql.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >Bugzilla Security</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="security.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >MySQL</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	<HTML
	><HEAD
	><TITLE
	>Operating System</TITLE
	><META
	NAME="GENERATOR"
	CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
	REL="HOME"
	TITLE="The Bugzilla Guide - 2.20.1
	Release"
	HREF="index.html"><LINK
	REL="UP"
	TITLE="Bugzilla Security"
	HREF="security.html"><LINK
	REL="PREVIOUS"
	TITLE="Bugzilla Security"
	HREF="security.html"><LINK
	REL="NEXT"
	TITLE="MySQL"
	HREF="security-mysql.html"></HEAD
	><BODY
	CLASS="section"
	BGCOLOR="#FFFFFF"
	TEXT="#000000"
	LINK="#0000FF"
	VLINK="#840084"
	ALINK="#0000FF"
	><DIV
	CLASS="NAVHEADER"
	><TABLE
	SUMMARY="Header navigation table"
	WIDTH="100%"
	BORDER="0"
	CELLPADDING="0"
	CELLSPACING="0"
	><TR
	><TH
	COLSPAN="3"
	ALIGN="center"
	>The Bugzilla Guide - 2.20.1
	Release</TH
	></TR
	><TR
	><TD
	WIDTH="10%"
	ALIGN="left"
	VALIGN="bottom"
	><A
	HREF="security.html"
	ACCESSKEY="P"
	>Prev</A
	></TD
	><TD
	WIDTH="80%"
	ALIGN="center"
	VALIGN="bottom"
	>Chapter 4. Bugzilla Security</TD
	><TD
	WIDTH="10%"
	ALIGN="right"
	VALIGN="bottom"
	><A
	HREF="security-mysql.html"
	ACCESSKEY="N"
	>Next</A
	></TD
	></TR
	></TABLE
	><HR
	ALIGN="LEFT"
	WIDTH="100%"></DIV
	><DIV
	CLASS="section"
	><H1
	CLASS="section"
	><A
	NAME="security-os"
	>4.1. Operating System</A
	></H1
	><DIV
	CLASS="section"
	><H2
	CLASS="section"
	><A
	NAME="security-os-ports"
	>4.1.1. TCP/IP Ports</A
	></H2
	><P
	>The TCP/IP standard defines more than 65,000 ports for sending
	and receiving traffic. Of those, Bugzilla needs exactly one to operate
	(different configurations and options may require up to 3). You should
	audit your server and make sure that you aren't listening on any ports
	you don't need to be. It's also highly recommended that the server
	Bugzilla resides on, along with any other machines you administer, be
	placed behind some kind of firewall.
	</P
	></DIV
	><DIV
	CLASS="section"
	><H2
	CLASS="section"
	><A
	NAME="security-os-accounts"
	>4.1.2. System User Accounts</A
	></H2
	><P
	>Many <A
	HREF="glossary.html#gloss-daemon"
	><I
	CLASS="glossterm"
	>daemons</I
	></A
	>, such
	as Apache's <TT
	CLASS="filename"
	>httpd</TT
	> or MySQL's
	<TT
	CLASS="filename"
	>mysqld</TT
	>, run as either <SPAN
	CLASS="QUOTE"
	>"root"</SPAN
	> or
	<SPAN
	CLASS="QUOTE"
	>"nobody"</SPAN
	>. This is even worse on Windows machines where the
	majority of <A
	HREF="glossary.html#gloss-service"
	><I
	CLASS="glossterm"
	>services</I
	></A
	>
	run as <SPAN
	CLASS="QUOTE"
	>"SYSTEM"</SPAN
	>. While running as <SPAN
	CLASS="QUOTE"
	>"root"</SPAN
	> or
	<SPAN
	CLASS="QUOTE"
	>"SYSTEM"</SPAN
	> introduces obvious security concerns, the
	problems introduced by running everything as <SPAN
	CLASS="QUOTE"
	>"nobody"</SPAN
	> may
	not be so obvious. Basically, if you run every daemon as
	<SPAN
	CLASS="QUOTE"
	>"nobody"</SPAN
	> and one of them gets comprimised it can
	comprimise every other daemon running as <SPAN
	CLASS="QUOTE"
	>"nobody"</SPAN
	> on your
	machine. For this reason, it is recommended that you create a user
	account for each daemon.
	</P
	><DIV
	CLASS="note"
	><P
	></P
	><TABLE
	CLASS="note"
	WIDTH="100%"
	BORDER="0"
	><TR
	><TD
	WIDTH="25"
	ALIGN="CENTER"
	VALIGN="TOP"
	><IMG
	SRC="../images/note.gif"
	HSPACE="5"
	ALT="Note"></TD
	><TD
	ALIGN="LEFT"
	VALIGN="TOP"
	><P
	>You will need to set the <VAR
	CLASS="option"
	>webservergroup</VAR
	> option
	in <TT
	CLASS="filename"
	>localconfig</TT
	> to the group your webserver runs
	as. This will allow <TT
	CLASS="filename"
	>./checksetup.pl</TT
	> to set file
	permissions on Unix systems so that nothing is world-writable.
	</P
	></TD
	></TR
	></TABLE
	></DIV
	></DIV
	><DIV
	CLASS="section"
	><H2
	CLASS="section"
	><A
	NAME="security-os-chroot"
	>4.1.3. The <TT
	CLASS="filename"
	>chroot</TT
	> Jail</A
	></H2
	><P
	> If your system supports it, you may wish to consider running
	Bugzilla inside of a <TT
	CLASS="filename"
	>chroot</TT
	> jail. This option
	provides unprecedented security by restricting anything running
	inside the jail from accessing any information outside of it. If you
	wish to use this option, please consult the documentation that came
	with your system.
	</P
	></DIV
	></DIV
	><DIV
	CLASS="NAVFOOTER"
	><HR
	ALIGN="LEFT"
	WIDTH="100%"><TABLE
	SUMMARY="Footer navigation table"
	WIDTH="100%"
	BORDER="0"
	CELLPADDING="0"
	CELLSPACING="0"
	><TR
	><TD
	WIDTH="33%"
	ALIGN="left"
	VALIGN="top"
	><A
	HREF="security.html"
	ACCESSKEY="P"
	>Prev</A
	></TD
	><TD
	WIDTH="34%"
	ALIGN="center"
	VALIGN="top"
	><A
	HREF="index.html"
	ACCESSKEY="H"
	>Home</A
	></TD
	><TD
	WIDTH="33%"
	ALIGN="right"
	VALIGN="top"
	><A
	HREF="security-mysql.html"
	ACCESSKEY="N"
	>Next</A
	></TD
	></TR
	><TR
	><TD
	WIDTH="33%"
	ALIGN="left"
	VALIGN="top"
	>Bugzilla Security</TD
	><TD
	WIDTH="34%"
	ALIGN="center"
	VALIGN="top"
	><A
	HREF="security.html"
	ACCESSKEY="U"
	>Up</A
	></TD
	><TD
	WIDTH="33%"
	ALIGN="right"
	VALIGN="top"
	>MySQL</TD
	></TR
	></TABLE
	></DIV
	></BODY
	></HTML
	>