[WEB SECURITY] On sandboxes, and why you should care

Ivan Ristic ivan.ristic at gmail.com
Fri Mar 31 12:45:50 EST 2006


On 3/31/06, Brian Eaton <eaton.lists at gmail.com> wrote:
> Any views on how much security value is really there?  Are there a lot
> of environments where some senstive application A is sharing a host or
> an application server with a less secure application B?

I believe there are many hosting providers that are offering
inadequate service in terms of security. A common problem is to have
one instance of the web server running *all*
domains/sites/applications. Not surprisingly, in such an environment
you are as secure as the weakest link. If someone is looking to attack
one domain/site/application the cost-effective option may be to simply
purchase a shared hosting account on the same server. The absolute
minimum for shared hosting, IMHO, is to run each application as a
separate user. (It is possible to safely serve the static files
through only one instance of the web server.) By doing this you can
make use of the facilities provided by the operating system to
separate the users, limit their access to server resources and,
ultimately, jail them into virtual file systems.

> And does
> sandboxing application B do much to mitigate the threat of a
> vulnerability in B being used to steal data from A?

It does a lot. However, shared hosting facilities will always be less
secure than dedicated servers. For example, an unpatched kernel
vulnerability would allow the attacker access to everything on the
server, even with everything else perfectly configured.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list