
We have an environment tailored for our users to log in via ssh, and instead of gaining access directly to a shell, users have a script in place of a shell. The script simply launches Mutt on the user's Maildir. The problem is that Mutt has an escape-shell which allows users to run any commands they wish. We could disable all the bin and usr/bin commands besides what Mutt needs, but ultimately a malicious user may still use shell built-ins to circumvent using system binaries. And we would like to stick to Mutt as it seems easiest and most user-friendly for our users.

We thought of chroot jails, but those seem to have their vulnerabilities as well. Our MTA runs with Dovecot, so the mailboxes sit in another directory; if a chroot were implemented, the users would need some kind of access outside the jail (even though ACLs can be set), and we aren't sure that would be of much help.

Therefore, we are looking for an actual solution for this. Should we go with an OpenVZ container to be run beneath our Debian infrastructure? A better chroot jail? We realize that there probably isn't too much of a threat if Perl or C compilers are disabled, but we aren't experts in security either. Thanks for any input.

unixpipe
  • How about docker? – EEAA May 04 '14 at 19:15
  • Is there a particular reason you're providing ssh access rather than webmail (or POP3 or IMAP) to provide e-mail for your users? – HBruijn May 04 '14 at 20:59
  • We don't use webmail or POP/IMAP as they use SSL. Only ssh – unixpipe May 05 '14 at 10:24
  • Is the LXC production ready? Docker seems fairly young. I read a lot about how BSD jails, LXC and other chroots are vulnerable, but aren't these better than nothing, or is it actually worse using these implementations? – unixpipe May 05 '14 at 15:57

0 Answers