Improve security #2

@vollstock

The settings server should be secure. Being a network service, it should take some measures to secure the system. Especially as it’s made for tinkering with the core system.

This however is not an easy task.

First we need to come up with a good concept of what should be protected and how.

Privileges

Right now, the service runs as root. I don’t feel very comfortable doing that but sometimes it needs root privileges to do its thing, e.g. when changing the user password or hostname. But it’s not that often.

The tooloop user can call some commands using sudo without being asked for a password:

  • /sbin/poweroff
  • /sbin/reboot
  • /sbin/shutdown
  • starting and stopping the VNC server

These should not be a security issue, I think.

REST service vs. Frontend

The settings server is split in two layers. The frontend (HTML and JavaScript) and the backend (Flask / Python). Everything we do in the browser simply calls the backend’s REST service.

So whenever we think about hardening the settings server, we need to take that into account.
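Added example, not part of the original issue and not the project's code: one way the backend could run as an unprivileged user and reach root only through a fixed allow-list, validating REST input on the server side because the frontend cannot be trusted to do it. The `/sbin/poweroff` and `/sbin/reboot` paths come from the list above; the `set-hostname` action, the use of `hostnamectl`, a matching NOPASSWD sudoers rule, and all function names are assumptions.

```python
import re
import subprocess

# RFC 1123 label: 1-63 chars, alphanumeric, hyphens only in the middle.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def valid_hostname(name):
    """Validate untrusted REST input before it gets near a root command."""
    if not isinstance(name, str) or not 1 <= len(name) <= 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


# Action name -> (fixed argv, validator for the single optional argument).
# poweroff/reboot paths are from the issue; hostnamectl is an assumption.
ACTIONS = {
    "poweroff": (["/sbin/poweroff"], None),
    "reboot": (["/sbin/reboot"], None),
    "set-hostname": (["/usr/bin/hostnamectl", "set-hostname"], valid_hostname),
}


def build_command(action, arg=None):
    """Map a REST-level action to an argv list, or raise ValueError."""
    if action not in ACTIONS:
        raise ValueError(f"action not allowed: {action!r}")
    argv, validator = ACTIONS[action]
    if validator is None:
        if arg is not None:
            raise ValueError(f"{action} takes no argument")
        return ["sudo", "-n"] + argv
    # The validator rejects leading '-', spaces and shell metacharacters,
    # so the value cannot be read as an option or a second command.
    if not validator(arg):
        raise ValueError(f"invalid argument for {action}")
    return ["sudo", "-n"] + argv + [arg]


def run_action(action, arg=None):
    """Call from the unprivileged service: argv list, never a shell string.

    'sudo -n' fails instead of prompting when no NOPASSWD rule matches.
    """
    return subprocess.run(build_command(action, arg), check=True, timeout=30)
```

A REST handler would call `run_action()` only after authenticating the request and return an HTTP 400 on `ValueError`.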
