On 6 August 2011 12:06, laurent laffont <[email protected]> wrote: > Hi, > with a public SmallHarbour (public fork of SeasideHosting - > smallharbour.org) people can upload images that do bad things: change > filesystem, run commands, .... > Actually, what are the ways of securing a server so people can't do bad > things ? > I'm thinking of: > - run the vm/image within a low right unix account > - remove dangerous plugins (OSProcess, ?)
you don't need to remove dangerous plugins. What you can do (with latest VMs) is to use 'disable module loading' mechanism. http://code.google.com/p/cog/issues/detail?id=13 > Can we easily chroot ? > what are known solutions ? > Laurent. -- Best regards, Igor Stasenko AKA sig.
