April 6, 2009
Question

FMS 3.5.1 installation security


I am experimenting with setting up Flash Media Server 3.5.1 (Interactive) on CentOS 5.2 (will be running RHEL5.2 for production). I have several concerns about the security of how the server runs. First of all, in setting a user for the server to run, only the fmscore processes assume that uid, the rest remain as root. Second, the creation of a tmp directory to store pid/sockets/mutexes. This seems perfectly normal, except that the (I assume) fmsmaster process wants it to have 777 for permissions because the processes are running as different users?

These two behaviors seem insecure. At this point in time, I would expect this type of situation not to exist - The communication channel can be secured all you want, but if the server is poorly set up, why bother. Ideally, I want to try to secure the FMS using SELinux, but would like to figure out these more mundane issues.

Thanks,

Dave


    1 reply

    April 6, 2009

    >> First of all, in setting a user for the server to run, only the fmscore processes assume that uid, the rest remain as root.

    A bug was filed for this and the next hot fix (3.5.2?) should allow the edge and core to run as non-root users.

    >> that the (I assume) fmsmaster process wants it to have 777 for permissions because the processes are running as different users?

    This should have a bug filed for FMS to employ the "least-privilege" access policy.  The problem as you stated is that the fmsmaster process (running as root) and the other processes (potentially non-root) operate on them concurrently.
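
To check an installation for the two conditions discussed in this thread, the following added example (not from either poster or from Adobe) flags FMS processes still running as root and classifies the mode of the pid/socket directory. It assumes FMS process names start with `fms`; the sample `ps` lines and the `fms` account name are constructed, and the directory path is whatever your install uses.

```shell
#!/bin/sh
# Added example: audit the two concerns raised in this thread.

# List FMS processes whose user is root.
# Reads "USER COMMAND" lines on stdin, as produced by: ps -eo user=,comm=
# Assumption: FMS process names begin with "fms" (fmsmaster, fmscore, ...).
fms_root_procs() {
    awk '$2 ~ /^fms/ && $1 == "root" { print $2 }' | sort -u
}

# Classify an octal directory mode, as printed by: stat -c %a DIR
#   ok                    - not writable by "other"
#   world-writable-sticky - like /tmp (1777): only a file's owner may remove it
#   world-writable        - e.g. 777: any local user can delete or replace
#                           another user's pid files and sockets
dir_mode_risk() {
    case "$1" in
        ''|*[!0-7]*) echo "invalid"; return 1 ;;
    esac
    mode=$((0$1))                      # leading 0 makes the constant octal
    if [ $((mode & 0002)) -eq 0 ]; then
        echo "ok"
    elif [ $((mode & 01000)) -ne 0 ]; then
        echo "world-writable-sticky"
    else
        echo "world-writable"
    fi
}

# Constructed sample of "ps -eo user=,comm=" output matching the behaviour
# described in the question: only fmscore has dropped to the service account.
SAMPLE_PS='root fmsmaster
root fmsedge
fms fmscore
fms fmscore
root sshd'

echo "FMS processes running as root (sample):"
printf '%s\n' "$SAMPLE_PS" | fms_root_procs
echo "Mode 777 is: $(dir_mode_risk 777)"

# On a live host (path is a placeholder for your install's tmp directory):
#   ps -eo user=,comm= | fms_root_procs
#   dir_mode_risk "$(stat -c %a /path/to/fms/tmp)"
```
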