On Aug 27, 2015, at 3:08 PM, Mike Tancsa wrote:

> On 8/27/2015 3:24 AM, Dag-Erling Smørgrav wrote:
> For the latter two, I am trying to understand in the context of a shared
> hosting system. Could one user with sftp access to their own directory
> use these bugs to gain access to another user's account ?
Straightforward Unix permissions aren't really suited to such an application. You need everything to be world readable by an unprivileged WWW server. In such a setup we were successful by using a combination of mac/biba for integrity, ugidfw for effective user separation, and removing all the setuid permissions from the system. Otherwise, a non-chrooted hosting user will have at least read-only access to the neighbors.

Borja.
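An added example, not part of the original message: a small audit that lists setuid/setgid files and the files a neighbouring account could read through the "other" permission bits under a shared hosting root. The directory layout, account names and function names are constructed for illustration.

```python
import os
import stat
import tempfile

def reachable_by_other(root, path):
    """True if every directory between root and the file grants o+x (traversal)."""
    rel = os.path.relpath(os.path.dirname(path), root)
    cur = root
    for part in ([] if rel == "." else rel.split(os.sep)):
        cur = os.path.join(cur, part)
        if not os.lstat(cur).st_mode & stat.S_IXOTH:
            return False
    return True

def audit(root):
    """Return (setid_files, exposed_files) as sorted paths relative to root."""
    setid, exposed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue
            rel = os.path.relpath(path, root)
            if mode & (stat.S_ISUID | stat.S_ISGID):
                setid.append(rel)
            # o+r alone is not enough: the neighbour must also reach the file
            if mode & stat.S_IROTH and reachable_by_other(root, path):
                exposed.append(rel)
    return sorted(setid), sorted(exposed)

def build_demo(root):
    """Constructed layout: alice keeps defaults, bob closes his home to 'other'."""
    layout = {"alice/public_html/index.php": 0o644,
              "alice/public_html/config.php": 0o640,
              "alice/bin/helper": 0o4755,
              "bob/public_html/index.php": 0o644}
    old = os.umask(0o022)  # make the demo directories 0755 regardless of caller
    try:
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("x")
            os.chmod(path, mode)
    finally:
        os.umask(old)
    os.chmod(os.path.join(root, "bob"), 0o750)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo(demo)
        print(audit(demo))
```

In the constructed layout bob's index.php is mode 0644 but is not reported, because his home directory denies traversal to "other"; a web server running as an unrelated unprivileged user would be locked out by the same bit.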
