6

I have a domain and a subdomain (on the same hosting) with isolated, jailed directories (no ability to go from one to another) and separate user accounts, as if they were two different domains (has own Control Panels, with full DNS ZONE management):

 example.com        /home/user43239572/
 sub.example.com    /home/other1234567/

I gave subdomain panel to another person (that I dont trust). Is there any chance of any possible security threat from that subdomain?

T.Todua
  • 2,677
  • 4
  • 19
  • 28
  • 3
    > I gave subdomain panel to another person (that I dont trust). Why? –  Jan 02 '17 at 20:41

3 Answers3

12

Based on the few details of this setup and some guess work what you might use this setup for the following problems come to mind:

  • with local privilege escalation exploit one might break out of the chroot and affect other users on this system.
  • if used in a web context it is possible to set/override cookies into the others domain and thus change the behavior of the application
  • similar other restrictions on the main site (like content security policy, CORS...) can be too lax in include the subdomain which might be used in attacks.
  • depending on the CA and the control the user has over the domain (can change web sites, email...) it might be possible that the user can get a SSL certificate for the subdomain and also for the upper domain too.
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
6

Yes.

Although we don't know all the details about the OS you are using or about the different software's you use the potential attack is a Privilege Escalation that can be done. The attacker (in this case the person you gave a user to) can manipulate exploits found in your server to escalate his user and gain access to unwanted privileges and escape the "jailed directory".

You can view here a few examples of privilege escalation.

Bubble Hacker
  • 3,615
  • 1
  • 11
  • 20
-2

Is this a joke? "I gave subdomain panel to another person (that I dont trust)." Uh, don't do that? Obviously you have a security vulnerability; you granted access to somebody you don't trust. You might as well assume you gave the keys to the bank to a bank robber. You can only defend what you know; if your untrusted user comes up with an attack you didn't think of, you're screwed. Always assume the attacker is smarter than you.

mobileink
  • 97
  • 2
    If you run shared hosting you might have to do this, because you can not trust the customers. – Anders Jan 02 '17 at 21:50
  • @Anders: fair enough, but I took the OPs comment to mean "somebody I know I should not trust" rather than "somebody I do not know". – mobileink Jan 02 '17 at 21:52
  • anyway, the OPs q was "I there any chance of any possible security threat from that subdomain?" the answer to that kind of broad question is always "yes". better: "what are the *known* threats in this kind of situation?" – mobileink Jan 02 '17 at 22:03