Limiting Server Access to the System

Because of the possibility that bugs might give a cracker full access to your system, you shouldn't completely trust any server. Even a seemingly harmless and trivial server, such as a font server (described in Chapter 16, "Optimizing X Configuration"), can theoretically be hijacked and abused. The preceding section summarized steps you can take to minimize the server's exposure to the outside world, and hence crackers' opportunity to abuse the server. Much of the rest of this chapter is devoted to expanding this discussion. A complementary approach is to limit the server's access to your computer. Two common ways to limit such access are:

Running a Server as a Minimum-Privilege User Many servers don't need special privileges to run. For instance, a font server only needs to be able to read font files, process them, and pass the results over the network. Therefore, there's no reason to run a font server as root. Doing so only increases the odds that a cracker will be able to abuse a security flaw to gain root privileges on your system. On the other hand, some servers, such as most that accept user logins, need to run as root, because they must take on the identity of whichever user logs in. Servers that need root only briefly, say to bind a port below 1024 or to read a private key at startup, should do that work first and then drop to an unprivileged account for the rest of their run. Server documentation usually specifies the minimum privileges the server needs. Super servers provide tools to set the privileges with which a server runs, and Chapter 22 covers these options. Servers that don't run in this way, but that can run without root privileges, usually provide server-specific options to set the server's username. Many low-privilege servers can run as nobody (a special low-privilege account that's standard on most systems). Others may require or benefit from server-specific accounts; a dedicated account is generally the better choice, because every file that one nobody server can read or write is also exposed to a cracker who has compromised any other server running as nobody.
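Giving up root is easy to get subtly wrong, so here is a worked example added for this section (it is not code from the book): it binds a privileged port while still root, then drops to the named account in the right order and verifies that root cannot be regained. The account name and port come from the command line; the function and variable names are this example's own.

```python
"""Bind a privileged port as root, then permanently drop to an unprivileged
account.  Example code added for this section, not from the book."""
import os
import pwd
import socket


def current_identity():
    """(uid, gid) of the calling process, for checks and diagnostics."""
    return os.getuid(), os.getgid()


def privileges_dropped(uid, gid):
    """True if the process runs as uid/gid and cannot get root back.

    Besides checking the current IDs it actively tries to regain UID 0;
    that attempt must fail with EPERM.  If it succeeds, the saved UID was
    still 0 and the "drop" was only temporary.
    """
    if (os.getuid(), os.geteuid(), os.getgid(), os.getegid()) != (uid, uid, gid, gid):
        return False
    try:
        os.setuid(0)
    except PermissionError:
        return True
    os.setuid(uid)              # we got root back: the drop was not permanent
    return False


def drop_privileges(username):
    """Permanently become `username`; must be called while still root.

    The order is deliberate: supplementary groups and the primary group
    can only be changed while the process is still root, so they go
    first and the UID goes last.  os.setuid() called by root sets the
    real, effective and saved UIDs together, which is what makes the
    drop permanent; os.seteuid() would leave the saved UID at 0 and a
    compromised server could simply seteuid(0) to become root again.
    """
    entry = pwd.getpwnam(username)
    os.setgroups([])            # root's supplementary groups must not leak through
    os.setgid(entry.pw_gid)
    os.setuid(entry.pw_uid)
    if not privileges_dropped(entry.pw_uid, entry.pw_gid):
        raise RuntimeError("privilege drop did not take effect")


def serve(port, username):
    """Root-only setup (binding a low port), then drop root and serve."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("0.0.0.0", port))   # needs root (or CAP_NET_BIND_SERVICE) if port < 1024
    listener.listen(5)
    drop_privileges(username)          # everything after this line runs unprivileged
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(b"running as uid %d\n" % os.getuid())
    listener.close()


if __name__ == "__main__":
    import sys
    serve(int(sys.argv[1]), sys.argv[2])   # e.g.  sudo python3 drop.py 80 nobody
```

The check in privileges_dropped is the part worth copying: a server that merely asserts os.getuid() != 0 after seteuid() will pass while still holding root in its saved UID.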

Using a Jail A chroot jail is a way of running a server with a restricted view of the filesystem. The idea is this: Set up a directory tree that contains all the files a server needs to operate, including library files, executables, configuration files, and so on. Once this is done, run the server in such a way that this directory tree appears to it as the root of the filesystem, so it can't open files outside the tree by name. This approach isn't perfect: a process that is still root inside the jail can usually break out of it, so a jail is most effective when combined with running the server as a minimum-privilege user. Even so, it can slow down intruders, and it may present a high enough hurdle that a cracker will move on to another system rather than try to break out of your jail. The upcoming section, "Containing Access in a Jail," describes chroot jails in more detail.
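Assembling the directory tree is the laborious part of this technique. The example below, added here and not taken from the book, automates the usual approach: run ldd on the server binary, copy the binary and every library it reports into the jail at the same path, then chroot into the tree. The sample ldd output, the fake root it is staged against for the self-test, and the binary name /usr/sbin/example-fontserver are constructed placeholders.

```python
"""Build a chroot jail for a dynamically linked server and enter it.
Example code added for this section, not from the book or any project."""
import os
import shutil
import subprocess
import tempfile

# Placeholder binary name (hypothetical; substitute the real server path).
SERVER_BINARY = "/usr/sbin/example-fontserver"

# Constructed sample of what `ldd SERVER_BINARY` prints; not captured from a
# real system.  It covers the three line shapes ldd produces.
SAMPLE_LDD_OUTPUT = (
    "\tlinux-vdso.so.1 (0x00007ffc3c5e9000)\n"
    "\tlibXfont.so.1 => /usr/lib/libXfont.so.1 (0x00007f1c2a3b0000)\n"
    "\tlibc.so.6 => /lib/libc.so.6 (0x00007f1c29fc0000)\n"
    "\t/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a5d0000)\n"
)


def parse_ldd(output):
    """Return the on-disk paths of the shared objects named in ldd output.

    Shapes handled: `name => /path (addr)` (a normal library), a bare
    `/path (addr)` (the dynamic loader), and `name (addr)` with no path
    (the vDSO, which lives in the kernel and needs no file).  A library
    reported as `not found` is an error: silently omitting it would give
    a jail in which the server fails to start.
    """
    paths = []
    for line in output.splitlines():
        line = line.strip()
        if "=>" in line:
            target = line.split("=>", 1)[1].split("(", 1)[0].strip()
            if target == "not found":
                raise ValueError("unresolved library in ldd output: %s" % line)
            if target:
                paths.append(target)
        elif line.startswith("/"):
            paths.append(line.split("(", 1)[0].strip())
    return paths


def populate_jail(jail, files, root="/"):
    """Copy each file into `jail` at the same path it has under `root`.

    Files are copied rather than symlinked: a symlink would point at a
    path that no longer exists once the server has chrooted.  copy2
    follows symlinks outside the jail (libc.so.6 is usually one), so the
    jail receives the real file.  `root` exists only so a test can stage
    a fake filesystem; in real use it is "/".
    """
    copied = []
    for path in files:
        rel = path.lstrip("/")
        dst = os.path.join(jail, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(root, rel), dst)
        copied.append(path)
    return copied


def build_jail(jail, binary, ldd_output=None, root="/"):
    """Copy `binary` and the shared libraries it needs into `jail`."""
    if ldd_output is None:
        ldd_output = subprocess.run(["ldd", binary], capture_output=True,
                                    text=True, check=True).stdout
    return populate_jail(jail, [binary] + parse_ldd(ldd_output), root=root)


def enter_jail(jail):
    """Confine the calling process (which must be root) to `jail`.

    chdir("/") after chroot is not optional: chroot does not move the
    working directory, and a process whose cwd is outside the jail can
    walk back out with "..".  Drop root immediately afterwards, as the
    preceding technique describes; a root process can usually escape.
    """
    os.chroot(jail)
    os.chdir("/")


def demo_build_jail():
    """Stage a fake root in a temporary directory, build a jail from it,
    and return the paths that actually landed inside the jail."""
    with tempfile.TemporaryDirectory() as tmp:
        fake_root = os.path.join(tmp, "root")
        jail = os.path.join(tmp, "jail")
        for path in [SERVER_BINARY] + parse_ldd(SAMPLE_LDD_OUTPUT):
            full = os.path.join(fake_root, path.lstrip("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"\x7fELF stub")      # contents are irrelevant to the copy
        copied = build_jail(jail, SERVER_BINARY, SAMPLE_LDD_OUTPUT, root=fake_root)
        return sorted(p for p in copied
                      if os.path.isfile(os.path.join(jail, p.lstrip("/"))))


if __name__ == "__main__":
    print("\n".join(demo_build_jail()))
```

ldd only reports libraries linked at build time; anything the server opens with dlopen() at run time, plus its configuration files, /etc/passwd entries it looks up, and any device nodes it needs, still have to be added to the tree by hand.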

These techniques serve as protection against the scenario of a server being compromised. By limiting the access that the server has to your computer, you limit the damage that an intruder can do. Neither approach is perfect, though. An intruder might be able to leverage the limited access provided by the nobody account or the access available from within a jail to do further damage. Indeed, if the cracker isn't targeting you personally, these measures may not matter; access as an ordinary user or from within a jail may be all the miscreant needs to use your system as a launch pad for attacks against others. Nonetheless, these techniques can be important components of an overall security plan.
