I've not seen this discussed anywhere, and it's a bit of an under documented facet nowadays.
But, how does one go about securing a "tilde town".
That is, when you're letting random strangers have access to your machine with a fully operating shell, all of the Unix tool suite, and even programming languages, what's the threat level like?
Most security today is keeping people off the server in the first place, but here we're holding the door open for them.
Back in the day, I had a Netcom dial up shell account. So, I assume there's some way to secure a system where folks log in to a random machine and have their home directory NFS mounted. In the old days, there was NIS, but that's right out from what I can read. Replaced with LDAP I reckon.
Anyway, I appreciate that many of these communities are "Friendly", with several "don't do that" clauses in their guidelines, but that doesn't mean there's not room for stuff to be better secured.
Ive made https://webide.se that gives you a Linux shell on a shared machine. I count on Linux to be secure by default. So users are free to do whatever they want except email spam, dos attacks, and crypto mining which is blocked by iptables. Im working on giving each user their own IP but for now incoming connections are proxied via http proxy and unix sockets and wildcard domain name so that foo.user.webide.se is proxied to /home/user/sock/foo
Similar services use Docker containers or VPS for user isolation.
But, how does one go about securing a "tilde town".
That is, when you're letting random strangers have access to your machine with a fully operating shell, all of the Unix tool suite, and even programming languages, what's the threat level like?
Most security today is keeping people off the server in the first place, but here we're holding the door open for them.
Back in the day, I had a Netcom dial up shell account. So, I assume there's some way to secure a system where folks log in to a random machine and have their home directory NFS mounted. In the old days, there was NIS, but that's right out from what I can read. Replaced with LDAP I reckon.
Anyway, I appreciate that many of these communities are "Friendly", with several "don't do that" clauses in their guidelines, but that doesn't mean there's not room for stuff to be better secured.
Any write ups on this?