Secure Coding mailing list archives
virtual server - security
From: "Serban Gh. Ghita" <sasa () stonet ro>
Date: Wed, 31 Mar 2004 00:20:51 +0100
Hello

I am banging my head on the table every day, because I cannot find an elegant and safe solution to secure a virtual shared environment (server). Take the following facts:

- you have a virtual server (unix) and you have to take care of a lot of clients.
- no one has access to shell, cronjobs or stuff like that, only 21 and 80
- you don't want anyone to get out of his 'box' (eg /home/sasha/)
- you want to allow php, perl or other web languages to run safely and at the same time with _almost_ all features.
- in php (because this is one of the most used languages for the web - mostly by end users), I have options like safe_mode, but if I activate that, many functions and features will not work. I know (because I tested) that the best solution is open_basedir, but I cannot create a restriction like that for each user, or at least I don't know how to do that.

My problem is that I tested some script-kiddie local exploits (php, perl) and the system is vulnerable: the user can get out of his box and see system files (etc/passwd, other dirs).

What are the options here? Any paper or book written about this?

Thanks
Serban Gh. Ghita
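An added example, not part of the original post or the thread: one way to get a separate open_basedir per customer is to generate one Apache virtual host per user and set the value with `php_admin_value`, which scripts and `.htaccess` files cannot override. It assumes PHP runs as the Apache module (mod_php) and the `/home/<user>/` layout from the post; the domain names, `public_html` and the per-user `/tmp/<user>` directory are hypothetical.

```shell
#!/bin/sh
# Added example: emit one <VirtualHost> block per customer, each with its own
# open_basedir. Assumes mod_php; domains and /tmp/<user> are made-up names.
LC_ALL=C    # make a-z in the patterns below mean ASCII letters only

gen_vhost() {
    user=$1 domain=$2
    # Reject anything that could escape /home/<user>/ or inject config lines.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    case $domain in
        ''|*[!a-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    home="/home/$user"
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $home/public_html
    # Keep the trailing slash: "/home/sasha" can also match /home/sasha2.
    php_admin_value open_basedir "$home/:/tmp/$user/"
    # Uploads and sessions must live inside the allowed paths.
    php_admin_value upload_tmp_dir "/tmp/$user"
    php_admin_value session.save_path "/tmp/$user"
</VirtualHost>
EOF
}

# Read "<user> <domain>" lines on stdin; skip blanks and comments.
gen_all() {
    while read -r user domain; do
        case $user in ''|'#'*) continue ;; esac
        gen_vhost "$user" "$domain" || return 1
    done
}

# Constructed customer list, for illustration only.
gen_all <<'LIST'
sasha sasha.example
bob   bob.example
LIST
```

open_basedir only constrains PHP's own file functions, so the Perl CGI scripts mentioned in the post are not confined by this setting.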
Current thread:
- virtual server - security Serban Gh. Ghita (Mar 30)
- Re: virtual server - security Scott Nemec (Mar 30)
- RE: virtual server - security Dave Paris (Mar 31)
- RE: virtual server - security jnf (Mar 31)
- RE: virtual server - security Dave Paris (Mar 31)
- Re: virtual server - use jail(8) on FreeBSD Paco Hope (Mar 31)
- RE: virtual server - security jnf (Mar 31)
- Re: virtual server - security Fernando Schapachnik (Mar 31)
- Re: virtual server - security Louis Solomon [SteelBytes] (Mar 31)
- Re: virtual server - security Frank Peters (Mar 31)
- <Possible follow-ups>
- RE: virtual server - security Jeremy Epstein (Mar 31)
- Re: virtual server - IPS Paco Hope (Mar 31)