Posted

Good day!

I have detected a few – closely linked – security issues on the Johnny server. First question: where could I contact the developers privately? Of course, it is possible that only I am concerned about insignificant problems, but, for example, being able to bypass the storage limit does not seem to be good.


Thank you!

Posted

Users that bypass the storage limit face a Plesk suspension. That said, if you have genuine security problems to bring up, a root administrator might reach out directly.

Posted

I have genuine security problems... for bypassing the storage limit, the problem itself is that Plesk does not "see" anything outside the home directory. Thus, I was able to create a rather huge file in /tmp (by running a Bash-based CGI script), which is continuously accessible between two restarts, and Plesk has still shown that my account has the same amount of disk space remaining. Methinks it is an issue. And there are a few other problems as well...

Posted

Yeah /tmp is shared by everyone. It's just how Plesk servers work (I know some other products put a user's /tmp inside the home folder which IMO would make more sense, but it is what it is). You shouldn't be able to save things anywhere besides /tmp and ~ though, and there are certain commands, files, and folders that can trigger a permanent ban if their account is seen messing with them.

In fact, people tend to fill up /tmp accidentally quite a bit with broken Node apps (Passenger logs get saved there, and when people do things like write bad apps, or delete their Node app without turning Node off, Passenger sits there slowly filling /tmp with logs until the server breaks). You'll get suspended for filling /tmp, and monitoring to automatically handle /tmp filling up is a project currently on our radar since it's a common issue. We had an outage on Morty due to a full /tmp the other day.


As for the space limit not changing in Plesk, consumed disk space is only recalculated a few times a day, so you can technically exceed the limit up front, but it will automatically suspend you when the next recalc happens. 
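The staff reply above says that per-user /tmp usage is invisible to Plesk's quota accounting and that automated /tmp monitoring is still on the to-do list. As an added example (this is not Plesk's code and not from anyone in this thread), the following Python script scans a shared scratch directory, attributes every regular file to its owning uid, and flags owners who exceed a per-owner byte threshold, so an admin can spot the /tmp-filling account before the filesystem fills. It assumes a Linux/POSIX host, that it is run as root so every subtree is readable, and a default threshold of 512 MiB per owner, which is an arbitrary value chosen for the illustration, not a Plesk setting.

```python
#!/usr/bin/env python3
"""Per-owner disk usage report for a shared scratch directory such as /tmp.

Illustrative example only: not Plesk code and not from the forum thread.
Assumptions: Linux/POSIX host, run as root so every subtree is readable,
default threshold of 512 MiB per owner (arbitrary, chosen for the example).
"""
import os
import pwd
import shutil
import sys
from collections import defaultdict


def usage_by_owner(root):
    """Return {uid: total_bytes} for all regular files under root.

    Symlinks are not followed (a user could point one at a huge file they
    do not own), each hard-linked inode is counted once, and unreadable
    entries are skipped rather than aborting the whole scan.
    """
    totals = defaultdict(int)
    seen = set()  # (st_dev, st_ino) pairs already counted
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # permission denied, vanished directory, etc.
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
            elif entry.is_file(follow_symlinks=False):
                key = (st.st_dev, st.st_ino)
                if key in seen:
                    continue
                seen.add(key)
                totals[st.st_uid] += st.st_size
    return dict(totals)


def offenders(totals, threshold_bytes):
    """Owners whose usage meets or exceeds the threshold, largest first."""
    over = [(uid, size) for uid, size in totals.items() if size >= threshold_bytes]
    return sorted(over, key=lambda item: item[1], reverse=True)


def owner_name(uid):
    """Map a uid to a login name, falling back to the numeric uid."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def fs_fill_ratio(path):
    """Fraction (0.0 to 1.0) of the filesystem holding `path` that is in use."""
    du = shutil.disk_usage(path)
    return du.used / du.total if du.total else 0.0


def main(argv):
    root = argv[1] if len(argv) > 1 else "/tmp"
    # Assumed default threshold: 512 MiB per owner (arbitrary example value).
    threshold = int(argv[2]) if len(argv) > 2 else 512 * 1024 * 1024
    totals = usage_by_owner(root)
    over = offenders(totals, threshold)
    print(f"{root}: filesystem {fs_fill_ratio(root):.0%} full")
    for uid, size in over:
        print(f"  {owner_name(uid)} (uid {uid}): {size / 2**20:.1f} MiB")
    # Non-zero exit lets a cron wrapper alert or suspend on offenders.
    return 1 if over else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Usage: `python3 tmp_usage.py /tmp 536870912` as root, typically from cron; a non-zero exit code means at least one owner is over the threshold. The script sums `st_size`, so a sparse file is reported at its apparent size rather than its allocated blocks; switch to `st.st_blocks * 512` if you want the figure that actually matters for a full filesystem. It does not catch files a user hands off to another uid, and it says nothing about Plesk's own quota, which, as noted above, is only recalculated a few times a day.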
