I know I started a different thread on this before, but I want to re-address it now that CageFS is in a stable state.
One of the great things about CageFS is it allows web hosts to give users shell account access without having to worry about security problems like those seen with other operating systems.
But with this great privilege come other downsides, one being that a user can bind processes to any IP on the system that is not assigned to them. For instance, they can bind a process to the IP of your mail server or your nameserver, or the server's default IP address.
Doing so, they could draw unwanted attacks to IP addresses that are not assigned to them. If we need to nullroute an IP address because it is under attack, we would rather it be the customer's IP getting nullrouted, not the mail server's IP, the server's main IP, the nameserver's IP, or another customer's IP for that matter.
Most of the control panels have a way of grabbing the list of IP addresses that have been assigned to a user, and we think it furthers the security of CageFS to implement a system which reads those IP addresses and denies any application launched by the user that attempts to bind to an IP that does not belong to them.
For instance Directadmin stores the list of IPs that are assigned to a user in the file:
/usr/local/directadmin/data/users/<username>/user_ip.list
The <username> is the same as their shell login.
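The policy described in the post, written out as an added example in Python. This is not CloudLinux's or DirectAdmin's code; it assumes user_ip.list holds one address per line (the exact file format is an assumption), uses a constructed sample instead of reading a live control panel, and adds two checks a practitioner would want that the post does not spell out: a wildcard bind (0.0.0.0 or ::) attaches the socket to every address on the host, including the shared mail and nameserver IPs, so it has to be refused as well, and an IPv4-mapped IPv6 bind (::ffff:a.b.c.d) is the same IPv4 address in disguise and must be compared as such.

```python
import ipaddress
import re

# Constructed sample standing in for
# /usr/local/directadmin/data/users/<username>/user_ip.list.
# Assumed format: one IP address per line.
SAMPLE_USER_IP_LIST = """\
192.0.2.10
192.0.2.11
2001:db8::10
"""

USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def parse_user_ip_list(text):
    """Return the set of addresses assigned to the user.

    Blank lines, comments and unparsable lines are skipped so a malformed
    entry can never widen the allow list."""
    allowed = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            allowed.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return allowed


def load_user_ip_list(username, base="/usr/local/directadmin/data/users"):
    """Read the control panel's per-user IP list for a shell login.

    The username is validated before it is used in a path so a crafted
    login name cannot escape the users directory."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username: %r" % username)
    with open("%s/%s/user_ip.list" % (base, username)) as fh:
        return parse_user_ip_list(fh.read())


def bind_allowed(addr, allowed):
    """Decide whether a bind() to addr should be permitted for this user."""
    ip = ipaddress.ip_address(addr)

    # ::ffff:192.0.2.10 on a dual-stack socket is really an IPv4 bind.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped

    # 0.0.0.0 / :: bind to every address on the host, including the mail,
    # nameserver and main IPs the post wants to protect, so refuse them.
    if ip.is_unspecified:
        return False

    # Loopback is not routable and cannot attract external attacks; allowing
    # it keeps local-only daemons working. This is a policy choice made here.
    if ip.is_loopback:
        return True

    return ip in allowed


if __name__ == "__main__":
    allowed = parse_user_ip_list(SAMPLE_USER_IP_LIST)
    for candidate in ["192.0.2.10", "192.0.2.1", "0.0.0.0", "::",
                      "::ffff:192.0.2.11", "127.0.0.1", "2001:db8::10"]:
        print("%-20s %s" % (candidate,
                            "allow" if bind_allowed(candidate, allowed) else "deny"))
```

Note that a check like this only enforces the policy if it sits where the bind actually happens (inside the sandbox's syscall or library interposition); a script the user can edit or skip is advisory only.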