TurnKey Linux Virtual Appliance Library

Security? - Python and an SQL update using exec.? Is it safe?

For the Psiphon patch (http://www.turnkeylinux.org/forum/general/20110215/psiphon-25-tklpatch) I've been working on, I planned to finish it off by something that I thought was far outside my reach: In the event of DHCP, on everyboot.d run a script to update the proxy table so the interface can be accessed remotely from the local network (and thus run the machine headlessly). The alternative was to configure via webmin and lynx (text-based browser).

I'm remarkably proud of what I came up with based on Alon's mysqlconf.py script. I've come a long way. Nevertheless - I'm told it's a significant security risk and promiscuous, even with the logic I intend to add.

I'm looking for an alternative to the script I've attached - an alternative would need to find the LAN ip address of either eth0 or eth1, then update the table 'proxy' in the database 'psiphon' where name = "administrative." It would run from /usr/lib/inithooks/everyboot.d.

I'm definitely not asking someone to do it for me; just wondering how to achieve this without using mysql exec, since I've been warned to shy from it. I'm hoping for a point in the right direction.

On the other hand, would you suggest I continue on this tack and consider it safe enough for now? I can imagine that's a viable answer.

I found ipaddr.py, which possibly could help sanitize what gets put in the table. Perhaps that could mitigate the risk?

I'm clearer on the risk

I understand better to some degree what my friends' concerns were with using a "blind exec" to update an entry in a mysql table. I understand that there's a risk of SQL injections that could compromise an application that has security at the front of its mind. I further understand that there's the possible risk of inserting a string with the wrong character set. So I'm a little less ignorant than I was.

The recommendation is to use python-mysqldb to handle the query. I'm not sure in that case if I can pull this off as "turnkey" as I'd like - I don't want the user to have to enter the database user password on everyboot. I reckon I can pull it from a config file if it comes to that.

In the meantime, I've imported ipaddr to help make sure the data is clean - first I make sure it's a valid IPv4 address. If it passes that test, I make sure it's in the block of addresses - 10., 172., 192. Is that enough of a pattern match, I'm wondering?

Anyway, eager for others' assessments. This is an adventure I'm appreciating.


In conclusion...

I reckon from discussions I've had that the method I used is simply not best practice, but in this case would have been secure to an appropriate degree.

Nevertheless, I took baby steps and remade the script from scratch. My very own first authentic Python script. There are a few lines I found helpful from a recipe at code.activestate.com. Otherwise, it's all a result of logic that seemed sound to me last night.

It's the second attachment. It's in need of error trapping, but I can't get it to make an error for me to trap.

Yeah, I'm proud, but still keen for suggestions for revision.

I did try to get information from confconsole's wizardry, but I had no success.
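
An added example, not part of the original posts or the attached scripts: it checks a candidate address against the actual RFC 1918 ranges with Python's standard `ipaddress` module (the successor to ipaddr.py) rather than the 10./172./192. prefixes, then updates the row through a bound parameter instead of building the SQL string. The `host` column name is hypothetical, the candidate addresses are constructed, and an in-memory sqlite3 database stands in for MySQL so the block runs offline; with python-mysqldb the placeholder is `%s` instead of `?`.

```python
import ipaddress
import sqlite3

# RFC 1918 private ranges. A bare "10." / "172." / "192." prefix match is
# wider than these: 172.15.0.1 and 192.0.2.7 both pass it but are not private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_lan_ip(text):
    """Return the canonical dotted-quad string, or raise ValueError."""
    # IPv4Address raises AddressValueError (a ValueError subclass) on junk.
    addr = ipaddress.IPv4Address(text.strip())
    if not any(addr in net for net in RFC1918):
        raise ValueError("not an RFC 1918 address: %s" % addr)
    return str(addr)


def update_admin_proxy(conn, raw_ip):
    """Validate raw_ip, then update the row using bound parameters."""
    ip = validate_lan_ip(raw_ip)
    # The value travels as data, never as SQL text.
    # "host" is a hypothetical column name for the proxy table.
    cur = conn.execute("UPDATE proxy SET host = ? WHERE name = ?",
                       (ip, "administrative"))
    conn.commit()
    return cur.rowcount


def demo():
    """Run constructed candidates against a throwaway table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE proxy (name TEXT PRIMARY KEY, host TEXT)")
    conn.execute("INSERT INTO proxy VALUES ('administrative', '0.0.0.0')")
    candidates = ["192.168.1.20", "172.15.0.1", "192.0.2.7",
                  "10.0.0.5'; DROP TABLE proxy; --"]
    results = {}
    for candidate in candidates:
        try:
            results[candidate] = update_admin_proxy(conn, candidate)
        except ValueError:
            results[candidate] = "rejected"
    row = conn.execute("SELECT host FROM proxy WHERE name = ?",
                       ("administrative",)).fetchone()
    return results, row[0]


if __name__ == "__main__":
    print(demo())
```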

