



Server Sandbox


Classification Key : Exterior Security, Tampering

Problem

Any vulnerability in a server application can be exploited by a malicious user, so the application must be protected from misuse. The difficulty is the diversity of attacks: the server cannot anticipate in advance which kind of attack it will face, so a defence that only blocks known attacks is not enough. How can server applications be made safe even against attacks that are not yet known?

Solution

Limit the privileges that server components hold at run time. Create a dedicated user account that is used only by the server, and give it just the rights needed to run the service (no administrative privilege). A server typically needs elevated privilege only briefly, at start-up. On Unix, for example, binding a privileged port (below 1024) requires root, so start the server with that extra privilege, bind the port, and then drop the privilege as soon as it is no longer needed. The drop must be complete and in the right order (clear supplementary groups, set the group ID, then set the user ID, all while still root, since the first two steps are refused once the process is unprivileged), and the server should verify afterwards that root cannot be regained. An attacker who later exploits a flaw in the running server then obtains only the restricted account, whatever the attack turns out to be.
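The following C program is an added example written for this catalog entry; it is not code from the pattern source or from any particular server. It binds a privileged port while still root, then drops to a service account and checks that the drop is irreversible. The function names bind_listen_port and drop_privileges and the use of the account "nobody" are assumptions of the example; substitute the dedicated account created for the service.

```c
/*
 * Added example (not from the pattern catalog): bind a privileged port as
 * root, then permanently drop to an unprivileged uid/gid.  Assumed names:
 * bind_listen_port(), drop_privileges(); the account "nobody" is only a
 * placeholder for the dedicated service user you create.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a listening TCP socket on 'port'.  Ports below 1024 need root
 * (or CAP_NET_BIND_SERVICE on Linux), so this must run before the drop.
 * Returns the listening descriptor, or -1 on failure. */
int bind_listen_port(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 128) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid.  Order matters: supplementary groups and
 * the primary gid are changed first, while the process is still root,
 * because those calls are refused once the uid is non-zero.  Returns 0 on
 * success, -1 if any step failed or the drop turned out to be reversible. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0) {
        /* Clear inherited supplementary groups (root's).  Root only. */
        if (setgroups(0, NULL) < 0) return -1;
    }
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;

    /* Verify that real and effective ids really changed ... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* ... and that root cannot be regained: setuid() from root also resets
     * the saved set-user-ID, so setuid(0) must now fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    /* Resolve the service account (placeholder name "nobody"). */
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL) {
        fprintf(stderr, "service account not found\n");
        return 1;
    }
    int fd = bind_listen_port(80);          /* needs root */
    if (fd < 0) { perror("bind_listen_port"); return 1; }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) < 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("listening on port 80 as uid %u gid %u, root dropped\n",
           (unsigned)getuid(), (unsigned)getgid());
    /* ... accept() loop would run here with reduced privilege ... */
    close(fd);
    return 0;
}
```

Run it as root to see the full sequence; the listening socket survives the drop because descriptors are not re-checked against the new uid. Note that drop_privileges keeps the check even when the target uid equals the current one, so it can be exercised by an unprivileged test as well.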

Known Uses

The Apache HTTP Server starts as root so that it can bind port 80, then lowers its privilege: the worker processes that handle requests run as the unprivileged account named by the User and Group directives (historically 'nobody'), while only the parent process, which never touches client data, keeps root.

Related Patterns

chroot Jail

Source

Kienzle et al. Repository

Tags

Sandboxing



Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz