Currently I have multi-user Linux servers which developers access through remote desktop, using the session as their work environment.
But I'm a bit concerned about the increasing popularity of applications using a localhost port to communicate between parts (for example a back-end in Python and a front-end opened in a browser, e.g. https://gdbgui.com/).
On a Unix multi-user desktop environment, localhost is accessible by any user.
And worse, even if that kind of application wanted to implement a secure connection between the web front-end and the back-end, there is no really perfect solution:
- use HTTP over a Unix domain socket (AF_UNIX): not currently supported by popular web browsers
- use a "user" private network interface "localuser": nonexistent, localhost is the only standard
- use a token in the URL launched by the browser: http://localhost/?token=xyz : the token can leak to other users through the command-line arguments if procfs is not mounted with the hidepid=1 option
- have a password set during program installation, ask the user to enter the password and set a session cookie: not the most user-friendly for a desktop application...
So I can't even report bugs to the devs of these applications and hope for fixes!
My conclusion is that it seems that Unix multi-user desktop environments are nowadays considered harmful for this use case (and I'm pretty sure they are for other use cases where multi-user environments are considered harmful). And that I should consider switching to VDI (1 virtual machine per user) as soon as possible. But it would be a lot of work to migrate from a multi-user environment to 1 virtual machine desktop per user.
But I want to be sure before changing my infrastructure: am I right in my reasoning, or too alarmist?
N.B.: I know it is an unclear question; it is the result of a long search on securing localhost connections on my multi-user Unix environments without any successful solution, so I'm hoping for interesting opinions about this problem...
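
One check a loopback back-end can make on Linux for the problem described above, as an added example that is not part of the original post: look up the connecting client socket in `/proc/net/tcp` and accept it only if its owning uid matches the server's. The function names are hypothetical, the table is a constructed sample, and the code assumes IPv4 loopback on a little-endian host.

```python
import os
import socket
import struct

# Constructed sample of /proc/net/tcp (little-endian Linux host): a back-end owned by
# uid 1000 listens on 127.0.0.1:8080; uid 1000 and uid 1001 each have a client connected.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1
   1: 0100007F:D431 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40002 1
   2: 0100007F:1F90 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 40003 1
   3: 0100007F:D432 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 40004 1
   4: 0100007F:1F90 0100007F:D432 01 00000000:00000000 00:00000000 00000000  1000        0 40005 1
"""

def _encode(addr):
    """Format (ip, port) as the kernel prints it, e.g. 127.0.0.1:8080 -> 0100007F:1F90."""
    ip, port = addr
    # The address is printed as a host-order u32, hence the byte swap on little-endian.
    raw = struct.unpack("<I", socket.inet_aton(ip))[0]
    return "%08X:%04X" % (raw, port)

def peer_uid(table, peer, local):
    """Return the uid owning the client end of the connection peer -> local, or None."""
    want_local, want_remote = _encode(peer), _encode(local)
    for line in table.splitlines()[1:]:
        f = line.split()
        # f[1]=local address, f[2]=remote address, f[3]=state (01 = ESTABLISHED), f[7]=uid
        if len(f) > 7 and f[1] == want_local and f[2] == want_remote and f[3] == "01":
            return int(f[7])
    return None

def accept_only_own_uid(table, peer, local, my_uid):
    """Fail closed: allow only when the client socket is found and owned by my_uid."""
    return peer_uid(table, peer, local) == my_uid

def connection_is_mine(conn):
    """Apply the check to a live accepted IPv4 loopback socket using the real table."""
    with open("/proc/net/tcp") as fh:
        table = fh.read()
    return accept_only_own_uid(table, conn.getpeername(), conn.getsockname(), os.getuid())
```

The uid column is filled in by the kernel, so unlike a URL token it cannot be read or forged by another unprivileged user. It does not distinguish between different programs run by the same user.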