
Re: Security from others when server running



* JakeCatfox@aol.com (JakeCatfox@aol.com) [010903 12:39]:
> Hi, I'm running a server in a public location, and the applications running 
> on the server run in their own virtual console (or an xterm window). However, 
> if someone came up and closed the xterm or hit ^C they could cancel the 
> server operation, which risks data loss, server failure, etc., and they would 
> also have full access to every aspect of the user account the server is run 
> on.
> 
> Is there a good way to keep others from messing with the server?

I'm not sure I understand what it is you run in these 'servers'. This is
some sort of kiosk where users need to be able to interact with these
applications? If so, the applications themselves should be made more
robust, so that they cannot be shut down or interrupted by the user.

If that's for some reason not an option, then try running it from within
a loop program that simply respawns the application if it closes. This
may not prevent some data loss in the applications, but at least it
won't allow them a shell if they interrupt the process. At the very
least, you should be starting the application with 'exec <application>'
so that the shell exits, surrendering control to the application. That
way, when the application exits, the user is logged out immediately;
there's no shell to return to.

If you do create a loop program, it should trap and not respond to the
INT and SUSP signals that can be generated from the keyboard. Your
machine's inittab should also be made to ignore ctrl+alt+del.

I doubt that you mean that these are applications running on the
terminals which you do not intend users to interact with at all; if this
is the case, maybe you should look into xlock or other such software
console locking applications. Another option when running applications
which for some reason or another must be run attached to a console is to
run them from within a screen session, then detach the screen session
and log out. The best part of this solution is that you can remotely
administer the applications by ssh'ing to the machine and re-attaching
the screen session on your ssh tty.

I hope some of my vague suggestions are of some help to you; for more
specific help, please post a more specifically-worded question.

-- 
Vineet                                   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\!             |tr 'a-zA-Z' 'n-za-mN-ZA-M'

Attachment: pgptqwsPJ4quf.pgp
Description: PGP signature
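
The respawn loop suggested in the reply above, sketched as an added example that is not part of the original message. The function name respawn, the RESPAWN_DELAY variable and the launch path in the comments are hypothetical; the MAX argument exists only so the loop can be exercised with a bounded number of restarts.

```shell
#!/bin/sh
# Added example (not from the original post): respawn wrapper for a console app.
# respawn, RESPAWN_DELAY and the launch line at the bottom are hypothetical names.

# respawn MAX CMD [ARGS...]
#   Run CMD, restarting it each time it exits. MAX=0 restarts forever;
#   MAX>0 stops after MAX starts (for testing) and prints the start count.
respawn() {
    max=$1
    shift

    # Ignore the signals a person at the keyboard can generate:
    #   INT (^C), QUIT (^\), TSTP (^Z, the terminal's SUSP character).
    # Ignored dispositions are inherited across exec, so the application
    # also ignores them unless it installs its own handlers.
    trap '' INT QUIT TSTP

    starts=0
    while [ "$max" -eq 0 ] || [ "$starts" -lt "$max" ]; do
        starts=$((starts + 1))
        # Run in the foreground; any exit status leads to a restart.
        "$@" || true
        # Pause so an application that fails at once cannot spin the CPU.
        sleep "${RESPAWN_DELAY:-1}"
    done
    echo "$starts"
}

# When invoked with arguments, respawn that command forever.
# Start the script itself with exec from the login shell, e.g.
#   exec /path/to/respawn.sh <application>
# so that no shell is left behind the wrapper.
if [ "$#" -gt 0 ]; then
    respawn 0 "$@"
fi
```

Signals that cannot be caught or ignored (KILL, STOP) and closing the xterm itself are outside what this wrapper can handle; those cases are what the xlock and screen suggestions in the reply address.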

