In this article I would like to inform you about my newest pet-project: pyttpd.
pyttpd is my effort of implementing a webserver in Python, with a focus on security (through privilege separation), extensibility and scalability.
I started this project because I was not entirely happy with the lack of flexibility and support for privilege separation by popular webservers. Whilst both lighttpd and Apache httpd provide means of running processes under different users, these usually require hacks like suexec. Additionally, I am somehow curious about how a fully-fledged webserver implemented in Python would perform compared to the mentioned daemons.
Security through extensive use of Privilege Separation
Whilst it is common for daemons to start as a privileged user and drop privileges as soon as possible, setuid and friends can be used far more extensively than that.
pyttpd's design aims at creating one privileged process, which only binds to privileged ports and spawns subprocesses.
All subprocesses have specific tasks, such as routing between all processes, protocol-specific parsing of incoming requests and processing those requests.
The point is that these processes do not all run as "www-data" or another common account; instead, a logical separation takes place on a per-host basis. This means that if the webserver is hosting www.example.org and webapp.example.org, those will be running under different system accounts, making it hard for them to interfere with each other. This method should also enable more efficient use of MAC mechanisms such as SELinux or SMACK.
The design choice of having separate processes for each vhost comes with another benefit: users (or customers) "owning" a vhost could potentially be allowed to modify parts of the vhost's configuration (excluding UID, GID, and other security-relevant options) on their own.
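The per-host separation described above, sketched as an added example (pyttpd has no code yet, so this is not the project's implementation): a privileged parent binds the port, then forks one worker per vhost that irreversibly drops to its own account. The UIDs/GIDs, the function names and the `report` handler are assumptions, and the routing and parsing processes are left out.

```python
import os
import socket

# Constructed sample: vhost -> (uid, gid). Placeholder IDs (assumption); a real
# setup would resolve dedicated accounts with pwd.getpwnam().
VHOSTS = {"www.example.org": (2001, 2001), "webapp.example.org": (2002, 2002)}

def validate_accounts(vhosts):
    """Reject mappings that defeat per-host separation; return uid -> vhost."""
    seen = {}
    for host, (uid, gid) in vhosts.items():
        if uid == 0 or gid == 0:
            raise ValueError(f"{host}: worker must not run as root")
        if uid in seen:
            raise ValueError(f"{host} shares uid {uid} with {seen[uid]}")
        seen[uid] = host
    return seen

def drop_privileges(uid, gid):
    """Irreversibly become (uid, gid): groups first, then gid, then uid."""
    os.setgroups([])   # clear supplementary groups inherited from root
    os.setgid(gid)     # must precede setuid, which gives up the right to do it
    os.setuid(uid)     # as root this sets real, effective and saved uid
    try:
        os.setuid(0)   # verify the drop cannot be undone
    except PermissionError:
        return
    raise RuntimeError("privilege drop was reversible")

def spawn_worker(host, uid, gid, handler):
    """Fork one worker per vhost; the child drops privileges before any work."""
    pid = os.fork()
    if pid:
        return pid     # parent stays privileged and only supervises
    try:
        drop_privileges(uid, gid)
        handler(host)
        os._exit(0)
    except BaseException:
        os._exit(1)    # fail closed: never run the handler as root

def report(host):      # hypothetical stand-in for a vhost's request handler
    print(f"{host}: uid={os.getuid()} gid={os.getgid()}", flush=True)

if __name__ == "__main__":   # needs root: binds port 80 and calls setuid
    validate_accounts(VHOSTS)
    listener = socket.create_server(("", 80))   # the only privileged step
    pids = [spawn_worker(h, u, g, report) for h, (u, g) in VHOSTS.items()]
    for pid in pids:
        os.waitpid(pid, 0)
```

Run as root, each worker prints a different non-zero UID; a worker whose drop fails exits with status 1 instead of continuing as root.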
Right now pyttpd is in a very early planning stage, with no code to show yet. I am still in the middle of the process of writing down all ideas that come to my mind, weeding some out and documenting the others.
So what do I have to show you then? Well, the concept section of the documentation is online now and I am planning on extending it in the next few days and eventually start writing code rather sooner than later.
...and opinions are what I am really interested in. If you are interested in this project I would love if you got involved in some way. Feel free to create tickets at pyttpd's project page if you have an idea you feel is worth adding or if one of my ideas is flawed, create a comment here or send me an email.