Is it safe to use a unix pipe to redirect sensitive output data as input to another program?

I want to make a Node.js development server use HTTPS by giving it access to the contents of a TLS certificate and private key file.

On the one hand, I don’t like the idea of making the TLS private key file readable by anyon…

Using the same private key for both WSL-Ansible and Putty (or WSL-OpenSSH for that matter)

I use Windows 10 Home on my PC and SSH to up to five different Linux IaaS-modeled machine environments with Debian/ArchLinux.

I use Ansible to orchestrate and continuously integrate and continuously upgrade data in these…

security considerations/issues for web-app where apache has sudo as user access

I am working on a web-app and was hoping to get some security threat perspective from folks here. I am trying to identify all the potential threat vectors so I can secure them. I am too close to the problem to trust my instinct…

Unix Privilege Escalation: "sudo must be owned by uid 0 and have the setuid bit set"

It seems protections are hardcoded into sudo that prevent the binary from executing as a low-privileged user. Running it in Ubuntu as a normal user returns the following error:

“sudo must be owned by uid 0 and have the set…