Can anyone confirm my assumption that splitting my node server process
into an unprivileged child that handles incoming network connections and
a privileged parent that has access to a password database prevents
attacks on the V8 network layer where an attacker would otherwise be
able to get privileged access?

The only communication between the parent and the child occurs over an
IPC channel where the parent only accepts simple and strictly typed JSON
messages.

I'm trying to build a server and apply some privilege separation
techniques [1] comparable to how OpenSSH is doing this [2]. But I'm a
bit insecure if these techniques really make sense in a garbage-collected
and interpreted language like JavaScript. I can imagine it
only mitigates against flaws in V8, OpenSSL, libuv and any other bundled
C code, but not so much against flaws in the JS I write myself.

-Tim

[1] https://github.com/Netsend/mastersync/wiki/Mastersync-privilege-separation
[2] http://www.citi.umich.edu/u/provos/papers/privsep.pdf
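
An added example, not part of the original post or of the Mastersync code: one way the privileged parent could enforce "simple and strictly typed JSON messages" on what the unprivileged child sends. The message types (`auth`, `ping`), field names, size limits and the `verify` callback are all assumptions made for illustration.

```javascript
// Hypothetical schema for the child -> parent channel (not from the post).
// Each message type lists exactly the fields it may carry, with one check per field.
const MAX_RAW_CHARS = 1024; // constructed limit; longer input is dropped unparsed
const isId = (v) => Number.isSafeInteger(v) && v >= 0;
const isUser = (v) => typeof v === 'string' && /^[a-z0-9_.-]{1,32}$/.test(v);
const isPass = (v) => typeof v === 'string' && v.length >= 1 && v.length <= 256;
const SCHEMA = {
  auth: { type: (v) => v === 'auth', id: isId, user: isUser, password: isPass },
  ping: { type: (v) => v === 'ping', id: isId },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a frozen, prototype-less copy of a valid message, or null.
function validateMessage(raw) {
  if (typeof raw !== 'string' || raw.length > MAX_RAW_CHARS) return null;
  let msg;
  try { msg = JSON.parse(raw); } catch (e) { return null; }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  // Only own keys of SCHEMA count, so "constructor" etc. are not valid types.
  if (typeof msg.type !== 'string' || !own(SCHEMA, msg.type)) return null;
  const fields = SCHEMA[msg.type];
  const keys = Object.keys(msg);
  // Exact key set: no missing fields and no extras (also rejects "__proto__").
  if (keys.length !== Object.keys(fields).length) return null;
  const clean = Object.create(null);
  for (const k of keys) {
    if (!own(fields, k) || !fields[k](msg[k])) return null;
    clean[k] = msg[k];
  }
  return Object.freeze(clean);
}

// Parent-side dispatcher. `verify(user, password)` is a hypothetical callback
// that consults the password database; only a boolean goes back to the child.
function handleChildMessage(raw, verify) {
  const msg = validateMessage(raw);
  if (msg === null) return { ok: false, error: 'invalid message' };
  if (msg.type === 'ping') return { id: msg.id, ok: true };
  return { id: msg.id, ok: verify(msg.user, msg.password) === true };
}
```

A child that has been taken over can still send well-formed `auth` requests, so the reply is limited to a yes/no answer and the password database itself never crosses the channel.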