6

I've set up my Raspberry Pi with nginx and fcgiwrap as CGI. I wanted to control GPIO ports using a Python script with the RPi.GPIO library. The problem is that in order to be able to control the ports, I need to run Python as root, therefore CGI as root.

I've read in the question "How to include RPi.GPIO in a python CGI script with lighttpd?" that running a CGI server as root opens a big security hole. Can you explain why?

Tomas

2 Answers

4

Running a web server as root is considered unsafe because any security flaw in your web applications could potentially allow an attacker to execute code with root privileges.

If your web server is running with limited privileges, an attacker can gain, at most, the same privileges the web server has.

Oliver Salzburg

3

You can change the ownership of the required GPIO device files to a non-root userid under which you run the web server and associated helpers. Even better, assign them to a user group including both the web server and your test account, and set the group permission bits.

Or you can write a daemon which runs as a user which has been granted access to those files, and accepts commands and queries which it carefully sanitizes over a channel such as a unix domain socket, named pipe with file-level access restrictions, etc.

Chris Stratton
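The daemon approach from the second answer, sketched as an added example (not code from either answerer): a small process that owns GPIO access, listens on a group-restricted Unix domain socket, and rejects anything that is not an exact, allowlisted command. The pin numbers, socket path and line protocol are assumptions, and a dict stands in for the `GPIO.output` calls so the validation logic runs off the Pi.

```python
import contextlib
import os
import re
import socket

ALLOWED_PINS = {17, 27}  # assumed: the only BCM pins the web app may drive
SOCKET_PATH = "/run/gpiod-example/gpio.sock"  # hypothetical path
COMMAND_RE = re.compile(rb"(SET|GET) (\d{1,2})(?: ([01]))?\n")

def parse_command(line: bytes):
    """Return (verb, pin, value) for an exact, allowlisted request, else None.
    SET must carry a 0/1 value and GET must not."""
    m = COMMAND_RE.fullmatch(line)
    if m is None:
        return None
    verb, pin, value = m.group(1).decode(), int(m.group(2)), m.group(3)
    if pin not in ALLOWED_PINS or (verb == "SET") != (value is not None):
        return None
    return verb, pin, None if value is None else int(value)

def handle(line: bytes, state: dict) -> bytes:
    """Apply one request to `state` (stand-in for the real GPIO calls)."""
    cmd = parse_command(line)
    if cmd is None:
        return b"ERR\n"
    verb, pin, value = cmd
    if verb == "SET":
        state[pin] = value  # on the Pi: GPIO.output(pin, value)
    return b"OK %d\n" % state.get(pin, 0)

def serve(path: str = SOCKET_PATH) -> None:
    """Serve one request per connection; socket is owner/group only."""
    state = {}
    if os.path.exists(path):
        os.unlink(path)  # clear a stale socket from a previous run
    old_umask = os.umask(0o007)  # no access for "other" on the socket file
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    while True:
        conn, _ = srv.accept()
        # A slow or vanished client must not take the daemon down.
        with conn, contextlib.suppress(OSError):
            conn.settimeout(2)
            conn.sendall(handle(conn.recv(16), state))

if __name__ == "__main__":
    serve()
```

The CGI script, still running as the unprivileged web server user, connects to the socket and sends a line such as `SET 17 1`; it needs membership in the daemon's group and nothing more.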