
Forwarded to devs Paragraph "Restricting Script Execution in the /tmp Directory" is missing in the "Advanced Administration Guide, Plesk for Linux Obsidian" guide

Maarten

Golden Pleskian
Plesk Guru
Username:

TITLE

Paragraph "Restricting Script Execution in the /tmp Directory" is missing in the "Advanced Administration Guide, Plesk for Linux Obsidian" guide

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

not applicable

PROBLEM DESCRIPTION

In the "Advanced Administration Guide, Plesk for Linux 12.5", there is a paragraph that explains how to secure the /tmp directory:


As this is still a security risk, I wonder why this is missing in the latest Obsidian guide:

Enhancing Security

STEPS TO REPRODUCE

not applicable

ACTUAL RESULT

not applicable

EXPECTED RESULT

not applicable

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Answer the question
 
Consulted with the Plesk Security team. This section is absent because it is not related to Plesk but instead to the OS itself. Securing the /tmp directory is not required in the current Plesk security model. Securing this directory may differ for various OSes. It is OK to secure the /tmp directory; you could use outside OS-related instructions for securing the server. For example: Securing /tmp on a linux server - ITsyndicate
 
Can you please share more details on the "current Plesk security model"?
Why is securing the /tmp folder no longer needed? Because of SELinux?
 
It is not "no longer needed". It is just "not needed". Nothing has changed.
  1. The lack of restricting execution in /tmp is not a vulnerability by itself.
  2. Restricting execution in /tmp can make exploitation of some potential vulnerabilities more difficult because this is a well-known location which exploits often try to use.
  3. Restricting execution in /tmp cannot fully protect from such potential vulnerabilities because (almost) always there are directories other than /tmp allowing an exploit to write and execute files.
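
An added example, not part of the thread or of Plesk's documentation, illustrating points 2 and 3 above: it reads a mount table in `/proc/mounts` format and reports whether `/tmp` and other world-writable directories sit on a `noexec` mount. The directory list (`/var/tmp`, `/dev/shm`) and the sample table are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: audit the exec/noexec status of world-writable directories.

# Constructed sample in /proc/mounts format (not taken from a real server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# exec_status DIR: reads a mount table on stdin and prints "noexec" or "exec"
# for the mount that contains DIR. The longest mount point wins; on a tie the
# later line wins, because a later mount shadows an earlier one.
exec_status() {
    awk -v dir="$1" '
        {
            mp = $2
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            if (("," opts ",") ~ /,noexec,/) print "noexec"; else print "exec"
        }
    '
}

# audit_tmp_dirs: reads a mount table on stdin and prints one "DIR STATUS"
# line per directory. The directory list is this example's choice.
audit_tmp_dirs() {
    table=$(cat)
    for d in /tmp /var/tmp /dev/shm; do
        printf '%s %s\n' "$d" "$(printf '%s\n' "$table" | exec_status "$d")"
    done
}

# Stand-alone run against the constructed sample. On a live host use:
#   audit_tmp_dirs < /proc/mounts
sample_mounts | audit_tmp_dirs
```

In the sample, `/tmp` is mounted `noexec` while `/var/tmp` (on the root filesystem) and `/dev/shm` still allow execution, which is the situation point 3 describes.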
 