Apaf's Services Linux Hardening

[fpietrosanti]

When an Apaf Service is deployed under linux, it's possible and easier to gain a lot of security features.

This ticket is to support the implementation of many security features in a configurable way for Apaf Services:

Chroot and Uid/Gid

Twisted support by default chroot by command line, it must be evaluated whenever it's better to chroot by twistd command line or from within the application.

Twisted support the following cmdline switch http://linux.die.net/man/1/twistd :

--chroot Chroot to a supplied directory before running (default: don't chroot). Chrooting is done before changing the current directory.
-u, --uid The uid to run as. (default: don't change)
-g, --gid The gid to run as. (default: don't change)

Some good info on that are available on http://www.tsheffler.com/blog/?p=526

Please notices that handling of Chroot environment require all the third party applications used by the Service to be reachable/usable from within the chroot and it may require particular care by design in implementing third-party dependent features (thinking about using GPG to encrypt file and/or email?).

Secure Computing Mode

Linux Kernel introduce Secure Computing Mode.
After the secure computing mode has been set to True, the only system calls that the thread is permitted to make are read(), write(), _exit(), and sigreturn(). Other system calls result in the delivery of a SIGKILL signal.

It is implemented by prctl.set_seccomp(mode) with package PRCTL available on http://packages.python.org/python-prctl/