On Thu, Aug 27, 2015 at 03:19:04PM +0200, Borja Marcos wrote:
>
> On Aug 27, 2015, at 3:08 PM, Mike Tancsa wrote:
>
> > On 8/27/2015 3:24 AM, Dag-Erling Smørgrav wrote:
> > For the latter two, I am trying to understand in the context of a shared
> > hosting system. Could one user with sftp access to their own directory
> > use these bugs to gain access to another user's account ?
>
> Straightforward Unix permissions aren't really suited to such an application.
> You need everything to be world readable by an unprivileged WWW server.
>
> In such a setup we were successful by using a combination of mac/biba for
> integrity, ugidfw for effective user separation, and removing all the setuid
> permissions from the system.
>
> Otherwise, a non-chrooted hosting user will have at least read only access to
> the neighbors.

Hmm, this doesn't necessarily need to be true. When I set up a shared
hosting system some years ago, we put all the users in a single primary
group, then all their home directories had u+rwx,g-a,o+x Unix access
permissions. It seemed to work for keeping them out of each other's homes
and for letting both the webserver and the SSH server peek inside.

Of course, this would still allow somebody to explicitly modify the access
permissions of her own home directory, but, first off, I don't think there
ever was such a case, and we also had a periodic check for this as well as
some other silly things that people always manage to do (and, yes, "people"
here does include myself, too).

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@freebsd.org p...@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
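
A sketch of the kind of periodic check mentioned in the message above, as an added example that is not code from the thread or from any of its participants. It assumes "u+rwx,g-a,o+x" means mode 0701, that homes sit directly under one base directory, and that the shared primary group is known; `audit_homes` and `dir_matches` are names made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: homes sit directly under
# one base directory, all hosting users share one primary group, and
# "u+rwx,g-a,o+x" means mode 0701 (owner full, group none, others traverse).

# True if directory $1 itself (not its contents) satisfies the find(1)
# expression given in the remaining arguments.
dir_matches() {
    dm_path=$1
    shift
    [ -n "$(find "$dm_path" -prune \( "$@" \) -print)" ]
}

# audit_homes BASE GROUP: print "reason<TAB>path" for each deviation.
audit_homes() {
    ah_base=$1
    ah_group=$2
    for ah_home in "$ah_base"/*; do
        # A symlinked home is reported rather than followed.
        if [ -L "$ah_home" ]; then
            printf 'symlink\t%s\n' "$ah_home"
            continue
        fi
        [ -d "$ah_home" ] || continue
        # Every hosting user is in the shared group, so any group bit
        # opens this home to the neighbours.
        if dir_matches "$ah_home" -perm -040 -o -perm -020 -o -perm -010; then
            printf 'group-access\t%s\n' "$ah_home"
        fi
        # Others may traverse (x) but must not list or write.
        if dir_matches "$ah_home" -perm -004 -o -perm -002; then
            printf 'world-access\t%s\n' "$ah_home"
        fi
        # Without o+x the web and SSH servers can no longer reach inside.
        if dir_matches "$ah_home" ! -perm -001; then
            printf 'no-traverse\t%s\n' "$ah_home"
        fi
        # A different group puts the other users into the "other" class.
        if dir_matches "$ah_home" ! -group "$ah_group"; then
            printf 'wrong-group\t%s\n' "$ah_home"
        fi
    done
    return 0
}
```

Called from cron as, say, `audit_homes /home hosting` (both arguments are placeholders), it prints nothing when every home matches the layout, so any output can be mailed to the administrator as-is.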