@@ -36,3 +36,11 @@ After taking into consideration said requirements, here's the effect of exploits
...
@@ -36,3 +36,11 @@ After taking into consideration said requirements, here's the effect of exploits
- If an admin can obtain an execution shell thanks to the library (preferably, a guest shell exploit), the library is at least "green". *By definition, ssh fits this requirement even without a shell exploit.*
- If an admin can obtain an execution shell thanks to the library (preferably, a guest shell exploit), the library is at least "green". *By definition, ssh fits this requirement even without a shell exploit.*
Basically, it's impossible to work with red, and you need at least a green library on the server. If a library has the blue modifier, then all allowed services will need to run as root.
Basically, it's impossible to work with red, and you need at least a green library on the server. If a library has the blue modifier, then all allowed services will need to run as root.
In theory, there's even one even better level of library, represented by the color gold.
If all the service libraries are gold, then (assuming sudo -u is locked for guest) *the server will be secure even if the users have write access*.
In practice, it's only useful in order to create an ftp server where users have to ability to upload files.
Such libraries not only fit the requirements for "green without blue" level, but they also don't allow to obtain a user-level execution shell. *By definition, ssh never fits this requirement.*
In other words, a gold service library is not-ssh, has no root exploits, no user password reset exploits, no user-shell exploit AND has a guest-shell exploit.
And, in order to be useful, said library needs to be ftp, else it doesn't provide a meaningful service.
