How unexpected server processes running as domain users are configured to automatically terminate?

The pages mentions about this new feature:

Unexpected server processes running as domain users are now detected and included in the validation report, and can optionally be automatically terminated.

but I couldn't find any documentation or discussion on this new feature and wonder:

1) What were the basis for introducing this kind of feature? Are they (unexpected server processes running as domain users) happen so often? Why they happen at all?

2) What are exact steps to configure this new feature to terminate such unexpected process automatically?



Joe's picture
Submitted by Joe on Sun, 08/20/2017 - 10:21 Pro Licensee

I believe this is to prevent users from starting services that take ports that are expected to be used by other users. e.g. someone has a RoR app on localhost:3000 and Virtualmin has created a proxy rule for that. You wouldn't want another user to be able to "sneak" onto that port. It could lead to a MITM attack or DoS, for example. (At least, I think that's what it's for. Jamie and I talked about the problem a while back.)

It is theoretical; nobody has reported problems with this, to my knowledge. Just being pro-active.

I'm not sure how it's configured. I'll have to poke around. Jamie may chime in with answers before I get it figured out, though. ;-)

This feature can be enabled or disabled at System Settings -> Virtualmin Configuration -> Server administrator permissions -> Can listen on unexpected ports?

Well, if it's theoretical and there were no actual problems reported, then we will just ignore this feature for now.

If you're running a hosting system with users that you don't fully trust, it may be worth enabling this feature to prevent port stealing. On the other hand, if all the domains are yours then it isn't worth worrying about it..

Jamie, why you didn't push this to all Virtualmin servers? I mean why this should be enabled separately?

It's a new feature which could potentially do bad things if it went wrong (like killing random processes), so I decided it would be safer to leave off by default, at least initially.