
I'm a teaching assistant in software security and running a server that is vulnerable by design.

It's an nginx server, and it has 40 ports open. Each port serves a web application, and all the web applications are very vulnerable to hacking. If one web application is compromised, the attacker will gain the privileges of the www-data user, and the attacker will then be able to compromise the other 39 web applications. Is there any way I can keep this from happening? I don't want the attacker to gain access rights beyond the single hacked web application.

Hardware limitations on the server make Docker unfeasible, let alone VMs.

Magnus

2 Answers


If one web application is compromised, the attacker will gain the privileges of the www-data user, and the attacker will then be able to compromise the other 39 web applications. Is there any way I can keep this from happening?

Yes. Don't do that. There's absolutely no reason to run unrelated applications as a single user. There's over 65,000 available user IDs on a typical Unix-like system, and you should take advantage of them. How to do that is dependent on the specific application and the technologies it uses, which would be best asked in a separate question.

womble
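Following womble's advice, here is an added example (not code from either answer) that generates one php-fpm pool and one nginx server block per port, each pool running as its own system user so a compromised app reaches only that app's account rather than www-data. It assumes the applications are PHP served through php-fpm; the /srv/appNN docroots, socket paths and user names are made up.

```shell
#!/bin/sh
# Added example, not from either answer: one nginx server block and one
# php-fpm pool per port, each pool running as its own system user, so a
# compromised app07 only gets the app07 account, not www-data.
# Assumption: the apps are PHP behind php-fpm; /srv/appNN paths are made up.
set -eu
# gen_isolation_configs OUTDIR COUNT BASEPORT
# Writes OUTDIR/php-fpm.d/appNN.conf, OUTDIR/nginx/appNN.conf and an
# OUTDIR/create-users.sh to review and then run as root.
gen_isolation_configs() {
    out=$1; count=$2; base=$3
    mkdir -p "$out/php-fpm.d" "$out/nginx"
    : > "$out/create-users.sh"
    i=1
    while [ "$i" -le "$count" ]; do
        app=$(printf 'app%02d' "$i")
        port=$((base + i - 1))
        # one no-login system user per app; docroot readable by nginx only
        printf 'useradd --system --shell /usr/sbin/nologin --home-dir /srv/%s %s\n' \
            "$app" "$app" >> "$out/create-users.sh"
        printf 'install -d -o %s -g www-data -m 0750 /srv/%s\n' \
            "$app" "$app" >> "$out/create-users.sh"
        # pool runs as the app user; socket reachable only by nginx (www-data)
        cat > "$out/php-fpm.d/$app.conf" <<EOF
[$app]
user = $app
group = $app
listen = /run/php-fpm/$app.sock
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 5
php_admin_value[open_basedir] = /srv/$app:/tmp
EOF
        # nginx listens on this app's port and talks only to this app's pool
        cat > "$out/nginx/$app.conf" <<EOF
server {
    listen $port;
    root /srv/$app;
    location ~ \\.php\$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/$app.sock;
    }
}
EOF
        i=$((i + 1))
    done
}
```

Run as `gen_isolation_configs /tmp/isolation 40 8001`, review the generated files, then copy the pool and site files into php-fpm's and nginx's include directories and execute create-users.sh as root.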

It sounds like a unique situation for apps, but I'd ask this of the developers: if the app is a PHP app, why can't they use $_SERVER['SERVER_PORT'] to get the current port for the current app, and cordon off data accordingly? This can be added as a check at the top of a PHP program, and if something untoward is observed, just exit(); or do something that clearly prohibits the undesirable behaviour. How precisely to do this depends on the application.