I recently deployed pihole on a pre-existing system, so I put the web console in an existing Apache deployment. This very quickly led to identifying a number of potential security issues such as PHP scripts invoking sudo. Needless to say, there is no way that any web server should be allowed out of its sandbox.
As a first pass, I simply commented out all the lines invoking sudo via either exec() or popen(), and I can live with that loss of functionality. Is there a solution other than to fork the web console part of the project and polish out the crude commenting out of sudo (gracefully remove all functionality that requires it)? Has somebody perhaps already done such a thing, before I take it upon myself to do that?