Have you looked at VMware? ( http://www.vmware.com )
It let's you provide an environment at the hardware-like level inside a real box. This way, if the the script kiddie get's control of your virtual environment, you can just reset back to a pre-saved state. Meanwhile, the real box is protected from the virtual (at least should be). On Tue, 30 Mar 2004, Serban Gh. Ghita wrote: > Hello > > I am banging my head on the table every day, because i cannot find an > elegant and safe solution to secure a virtual shared environment (server). > Take the following facts: > -you have a virtual server (unix) and you have to take care of a lot of > clients. > -no one has acces to shell, cronjobs or stuff like that, only 21 and 80 > -you dont want anyone to get out of his 'box' (eg /home/sasha/) > -you want to allow php, perl or other web languages to run safely and in the > same time will _almost_ all features. > -in php (because this is the one of the most user language for web - for > mostly endusers), i have options like safe_mode, but if i activate that, > many functions and features will not work. i know (because i tested) that > the best solution is open_basedir, but i cannot create an restriction like > that for each user, or at least i dont know how to do that. > > My problem is that i tested some script-kiddies local exploits (php,perl) > and the system is vulnerable, the user can get out of his box and see system > files (etc/passwd, other dirs). > > What are the options here. Any paper or book written about this? > > Thanks > > Serban Gh. Ghita > > >
