Types of libraries
(GREY: Unknown)
RED: Leads to an insecure server, don't install!
ORANGE: Secure for service, doesn't allow admins to access the server
BLUE (modifier): Can lead to service disruption, but not loss of control
GREEN: Secure for service AND allows admins to carry out their tasks
GOLD: Secure, allows admins AND doesn't allow a user-level shell
In a perfect world, there should be at least one green lib installed, and no lib worse than blue.
Orange ones can be used on servers that don't rely on a user connecting (chat and http, root-only bounces).
For security reasons, non-root users can only have read-only permissions
The ONLY exception is when all service libraries are gold (in practice, it's only useful for ftp servers) and the "sudo -u" command is blocked for guest
Types of users
root: the super-administrator, accessing any data about it is a security violation
user: an account accessed by a script or a human, assumed public knowledge but resetting the password is a security violation
ghost: a user created for the sole purpose of controlling the "registered user" exploit requirement, and which therefore has no rights as it isn't meant to be used. As they are treated as users by the game engine, exploits won't treat users and ghosts in the same way
guest: a password-less account which can't be accessed by legitimate requests, which makes it a perfect entry point for an admin backdoor
Exploit requirements
Some exploits can be "disabled" by modifying the server's configuration
The trick is finding one or several service libraries that fall into the "green-blue" range when following these rules about requirements:
"Same LAN only" is always false: if a machine is compromised, everything falls apart
"specific version for LOCAL_LIB" can be true/false forever: there's no reason to upgrade those libs as local escalation shouldn't occur
"active X user" is always true for an intruder, always false for an admin: assume the worst, as this condition is naturally evolving
"registered users" and "forwarded ports" should be heavily documented: it is likely this number will increase over time as additional services are added on a machine
Important exploits
After taking into consideration said requirements, here's the effect of exploits on the rating of a library
- Any root-level exploit locks a library into "red", as such exploits allow access to critical files, blocking the admin access or blocking the service
- If the rule above is not fulfilled, the library is at least at "orange" level
- A "user password reset" exploit adds the "blue" modifier, as any service depending on a non-root account can be blocked by changing the password (as it's a modifier, the library will be either orange-blue or green-blue)
- If an admin can obtain an execution shell thanks to the library (preferably, a guest shell exploit), the library is at least "green". By definition, ssh fits this requirement even without a shell exploit.
Basically, it's impossible to work with red, and you need at least one green library on the server. If a library has the blue modifier, then all allowed services will need to run as root.
In theory, there's an even better level of library, represented by the color gold.
If all the service libraries are gold, then (assuming sudo -u is locked for guest) the server will be secure even if the users have write access, as long as guest has no write permissions and can't access any directory the users can write to.
In practice, it's only useful in order to create an ftp server where users have the ability to upload files.
Such libraries not only fit the requirements for the "green without blue" level, but they also don't allow obtaining a user-level execution shell. By definition, ssh never fits this requirement.
In other words, a gold service library is not-ssh, has no root exploits, no user password reset exploits, no user-shell exploit AND has a guest-shell exploit.
And, in order to be useful, said library needs to be ftp, else it doesn't provide a meaningful service.
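The rating rules above can be written as a small classifier. This is an added example, not part of the original guide: the Exploit record, the requirement labels ("same_lan", "active_user", "local_lib_version", "registered_users", "forwarded_ports") and the sample library are all assumptions made for illustration. It also encodes the requirement rules, so an exploit only stops counting when a requirement the admin actually controls has been disabled.

```python
from typing import NamedTuple

# Requirements an admin can make unsatisfiable through configuration (labels are hypothetical).
CONTROLLABLE = frozenset({"local_lib_version", "registered_users", "forwarded_ports"})

class Exploit(NamedTuple):
    level: str                       # "root", "user" or "guest"
    effect: str                      # "shell", "password_reset" or "other"
    requires: frozenset = frozenset()

def intruder_can_use(e, disabled):
    # "same_lan" and "active_user" never count as protection, whatever the config claims.
    return not (e.requires & CONTROLLABLE & frozenset(disabled))

def admin_can_use(e, disabled):
    # For the admin, "active_user" is assumed false, so such an exploit is no backdoor.
    return intruder_can_use(e, disabled) and "active_user" not in e.requires

def rate(exploits, disabled=(), is_ssh=False):
    live = [e for e in exploits if intruder_can_use(e, disabled)]
    if any(e.level == "root" for e in live):
        return "red"
    blue = any(e.level == "user" and e.effect == "password_reset" for e in live)
    user_shell = any(e.level == "user" and e.effect == "shell" for e in live)
    admin_shells = [e for e in live if e.effect == "shell" and admin_can_use(e, disabled)]
    guest_backdoor = any(e.level == "guest" for e in admin_shells)
    if guest_backdoor and not (is_ssh or blue or user_shell):
        return "gold"
    base = "green" if (is_ssh or admin_shells) else "orange"
    return base + "-blue" if blue else base

# Constructed sample: an ftp library with three known exploits.
SAMPLE_FTP = [
    Exploit("root", "shell", frozenset({"registered_users"})),
    Exploit("user", "password_reset", frozenset({"active_user"})),
    Exploit("guest", "shell"),
]

if __name__ == "__main__":
    print(rate(SAMPLE_FTP))                                   # root exploit still live
    print(rate(SAMPLE_FTP, disabled={"registered_users"}))    # root exploit disabled
```

Running it on the sample shows how disabling one controllable requirement moves the same library out of red, while the "active user" requirement on the password reset does nothing to remove the blue modifier.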