IP address protection

  • IP address protection

    I know I started a different thread on this before but I want to re-address it now that CageFS is in a stable state.

    One of the great things about CageFS is it allows web hosts to give users shell account access without having to worry about security problems like those seen with other operating systems.

    But with this great privilege comes other downsides, one being that a user can bind processes to any IP on the system that is not assigned to them. For instance they can bind a process to the IP of your mail server or your nameserver, the server's default IP address.

    Doing so they could draw unwanted attacks to IP addresses that are not assigned to them... If we need to nullroute an IP address because it is under attack we would rather it be the customer's IP getting nullrouted, not the mail server or server's main IP or name server's IP or another customer's IP for that matter.

    Most of the control panels have a way of grabbing a list of IP addresses that have been assigned to the user. We think it furthers the security of CageFS to implement a system which reads those IP addresses and denies any application being launched by the user that attempts to bind to an IP that does not belong to them.

    For instance, DirectAdmin stores the list of IPs that are assigned to a user in the file:

    the <username> is the same as their shell login

  • #2
    Good day:

    While we don't use CageFS (my understanding is that support for CageFS on H-Sphere is not yet present), for the record....

    Good idea... and H-Sphere uses /hsphere/local/network/ips

    Thank you.


    • #3
      CageFS should work with H-Sphere (if I remember correctly our patches for suexec are in H-Sphere's Apache), but we just didn't get around to creating a template yet.

      Regarding networking -- what we plan to do is to have ipfilters based on LVE (each network packet will be marked with LVE id, and iptables will filter packages based on that).
      We will provide command line tools to easily manage it, but it should allow you to give "slices" of internal/external IPs/port ranges available to specific users in automatic fashion -- allowing them to run irc, memcache, jabber, etc.. in a secure way.
      I still have to figure out how to prevent a user from binding to IPs/ports they are not allowed to bind to.

      I am still working out details -- and it will not happen for the next 2-3 months, but this is something that we are researching now.
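
Until binds can be blocked outright, the condition described in the first post can at least be detected. The following is an added example, not part of the thread and not CloudLinux code: it audits listening sockets in `/proc/net/tcp` format against a per-user list of assigned IPs. The `ALLOWED` map stands in for the control panel's per-user IP file, and the sample table, uids and addresses are constructed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (little-endian host such as x86).
# Covers IPv4 TCP only; /proc/net/udp and the tcp6/udp6 tables need the same check.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 140200C0:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 1002 1
   2: 0A0200C0:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 1003 1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1002        0 1004 1
   4: 150200C0:C350 0A0200C0:0019 01 00000000:00000000 00:00000000 00000000  1002        0 1005 1
"""

# Assumption: uid -> IPs assigned to that customer, as read from the control panel.
ALLOWED = {1001: {"192.0.2.20"}, 1002: {"192.0.2.21"}}

TCP_LISTEN = "0A"  # kernel socket state code for LISTEN


def decode_addr(hex_addr):
    """Turn '140200C0:1A0B' into ('192.0.2.20', 6667)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def find_foreign_binds(proc_text, allowed):
    """Return (uid, ip, port) for listeners bound outside the owner's assigned IPs.

    Only uids present in `allowed` are audited; system accounts are skipped.
    A wildcard bind (0.0.0.0) is reported too, since it covers every IP on the box.
    """
    findings = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        uid = int(fields[7])
        if uid not in allowed:
            continue
        ip, port = decode_addr(fields[1])
        if ip not in allowed[uid]:
            findings.append((uid, ip, port))
    return findings


if __name__ == "__main__":
    for uid, ip, port in find_foreign_binds(SAMPLE_PROC_NET_TCP, ALLOWED):
        print(f"uid {uid} is listening on unassigned address {ip}:{port}")
```

On a live host, pass the contents of `/proc/net/tcp` instead of the sample and build the map from the panel's user data.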