Hi I have just installed webmin and virtualmin on a fresh Centos5 server. Everything works great from what I have found so far....However I may have stumbled accross a huge security problem.
If I set up a new virtual server with a single user with SSH and FTP and EMAIl access that user is created fine. If I login to FTP with that user I am locked into my my home dir.
Here is the problem....If I SSH using that user I get dropped into my home dir initally but I can then cd to "/". Now I have read that webmin and virtualmin do not chroot ssh logins....But I am successfully able to cd to "/tmp" (a folder that apparently has write access by everyone).
I can then proceed to issue this commane "dd if=/dev/null of=largefile bs=10M count=100"
This will complete successfully. To me this is not acceptable as anyone could login and do this and essentially fill up the servers hard disks.
Is this a bug? or have I missed something here?
<div class='quote'>To me this is not acceptable as anyone could login and do this and essentially fill up the servers hard disks.</div>
So, don't give a shell login to "anyone".
If you have users that willfully DoS your system, then /tmp isn't the only thing they can break. Fork bombs (though that can be prevented by the new resource limits in Virtualmin Pro), disk usage (even in /home, if you don't use disk quotas), brute force attacks on other systems or spam (that will pretty quickly result in your box being blacklisted and/or disconnected by the carrier), posting copyrighted material (takedown notices to you and possibly your provider), etc.
There is an implicit level of trust that you have to place in your users if you're giving the shell access, and there's very little we could do about that.
And, no, chrooting ssh not only doesn't prevent DoS attacks by malicious users, it also potentially reduces security in at least one significant way.<br><br>Post edited by: Joe, at: 2008/05/29 12:19
--
Check out the forum guidelines!
Thanks Joe for the quick response.
What is the best way to set up new users with out giving them SSH login privs??
Scott
I give my users SSH but... I also have some nice server programs installed to prevent what you just posted.
Look at http://www.r-fx.org/proj.php and specifically LES.
I should really write up about this in the wiki on how to setup the perfect server install and protect it.
Ok I started a new HOWTO about securing your server so that users can have SSH access but can't hurt your server including compiling or using dd.
See http://www.virtualmin.com/documentation/id,securing_your_server_howto/