Dean Ward - 4 months ago
Node.js Question

I have to run node as root to send ICMP echo packages for ping - how can I make it secure?

I'm using node's net-ping to enable my front end to ping by connecting to node via websockets. Because Linux will only let root users send out ping requests, I'm having to run the script via sudo. I'm not at all comfortable doing this but I don't think I have very much choice.

What I would like to know is: are there any other ways to get permissions to send ping requests or, if not, what steps should I take to make it as secure as possible?

Dev server is Ubuntu Desktop 13.10 x64 and production server is Ubuntu Server 12.04 x64.

EDIT:

I have node running a script that sets up a socket.io socket server and listens for requests from the front end (website) to do a ping on a host. It then runs the ping via net-ping and sends the results back to the client as they come in. In this way I can run almost realtime pings via the website. The websockets themselves don't run the pings, they just let the "ping server" and the client communicate.

Answer

Access to ports < 1024 is protected on Linux. And I agree: Running node.js as root might not be a smart idea.

Try to execute the command /bin/ping instead. It's a SUID command which means it'll become root just to send the ping.

An alternate solution would be to run 2 node.js processes. One takes commands from the web and the other sends the pings. The outer server becomes a kind of smart firewall for the protected ping server which runs as root and only accepts connections from localhost.
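
A sketch of the /bin/ping approach from the answer above, as an added example that is not part of the original answer: the node process stays unprivileged and hands a validated host to the SUID binary without going through a shell. The helper names (validateHost, buildPingArgs, parsePingOutput, pingHost) are hypothetical, the sample output is constructed, and it assumes the iputils ping found on Ubuntu.

```javascript
const PING_BIN = '/bin/ping'; // SUID binary named in the answer

// Accept only a dotted-quad IPv4 address or an RFC 1123 hostname. Anything else is
// rejected, notably values starting with "-" that ping would parse as options.
function validateHost(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > 253) return null;
  const ipv4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
  const label = '[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?';
  const hostname = new RegExp(`^${label}(\\.${label})*$`);
  return ipv4.test(input) || hostname.test(input) ? input : null;
}

// Fixed argument vector: the client controls only the host and a clamped count.
function buildPingArgs(host, count = 3) {
  const n = Math.min(Math.max(parseInt(count, 10) || 1, 1), 5);
  return ['-n', '-c', String(n), '-W', '2', '--', host];
}

// Older iputils (e.g. Ubuntu 12.04) prints icmp_req=, newer versions icmp_seq=.
function parsePingOutput(stdout) {
  const replies = [];
  const re = /icmp_(?:seq|req)=(\d+)\b.*?\btime=([\d.]+) ms/;
  for (const line of stdout.split('\n')) {
    const m = re.exec(line);
    if (m) replies.push({ seq: Number(m[1]), ms: Number(m[2]) });
  }
  return replies;
}

// execFile passes the array straight to the binary, so no shell ever sees the host.
async function pingHost(rawHost, count) {
  const host = validateHost(rawHost);
  if (host === null) throw new Error('invalid host');
  const { execFile } = await import('node:child_process');
  return new Promise((resolve) => {
    // ping exits non-zero when no reply arrives; stdout is parsed either way.
    execFile(PING_BIN, buildPingArgs(host, count), { timeout: 15000, env: {} },
      (err, stdout) => resolve({ host, replies: parsePingOutput(String(stdout || '')) }));
  });
}

// Constructed sample output (documentation address range), not a real capture.
const SAMPLE_OUTPUT = [
  'PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.',
  '64 bytes from 192.0.2.10: icmp_req=1 ttl=64 time=0.412 ms',
  '64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=12.3 ms',
].join('\n');
```

In the socket.io handler, call pingHost with the value received from the client and emit the returned replies; a rejected promise means the input failed validation and nothing was executed.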