Home
Live chat Forum Online shop Free demo Lxlabs
Products | Partners | Company | Home


Related Links LxAdmin API Installation Help Features Online Forum Download Screen Shots Buy

Products & Services Lxadmin HyperVM Product Support

Home | Full Feature List | Demo | Api | Security | Testimonial | Upgradation | Clustering | File Manager | Ergonomic Interface | Full Hosting Map | Release Tracking System | Register | Screenshots | Installation Documents

Lxadmin has been designed with what can be considered as a paranoid security model. The basic principle being that every module is built with the explicit assumption that no other module can be trusted. We take security as the most serious of the concerns and have worked hard to create a secure environment where you can be confident about the server's state.

    Lxadmin sports a 5 tier security model:

  • Lxadmin itself runs as user 'lxlabs' which is simply yet another user in the system, who has absolutely no special permissions. All system executions are handled by another process that runs in the background and communicates with lxadmin through a socket. This security model works on both Windows and Linux, and makes sure that even if lxadmin itself is compromised, the attacker cannot have any access to the system.
  • File manager never accepts full path from the user. The file manager only allows the user to provide relative paths, and these paths are fully sanitized before any operation is carried out. This makes sure that the user is locked into this own directory and is not allowed to move around to any place outside of his root directory. Lxadmin file-manager will not follow symlinks other than for the root user.
  • User cannot perform any operation on any file other than the one's he own. Before every operation is carried out, it is determined to see if the user fully owns every file that are involved in the operation, and lxadmin will fail otherwise. Any attempts by the user to read or copy the system files or any other's files will result in an exception being raised. (That is, IF he manages to break out of the jail).
  • All program executions are carried out only after the context is switched to that of the user who requested it. Thus even if the user manages to break out of the jail, the maximum privileges that he can achieve is that of the system user consigned to him.
  • Complete Logging. Lxadmin logs every single change that was made to the file system, and also every single execution of any external program. These logs will help you track down any kind of attempts to gain system privileges.

We intend to take security further forward in the future by adding tighter authentication between the different modules, locking execution to only a few set of predefined directories, and also by making it impossible for people to carry out the standard sequences of actions that are necessary to gain access to root.



Try LxAdmin Online

Experience the wonders of Lxadmin live on our demo.


© 2002-2008 lxlabs Contact Us
Terms of Use   |  Privacy Statement  |  Contact Us  |  Home