by rhacker 2397 days ago
Are the old hosting companies of the past still sharing the same disk with other users? I remember going cd .. and seeing a bunch of folders in /home from other users. If any one of those users used a chmod incorrectly I would be able to access their shit. It is not super likely for most files but well known files can be a problem. Beyond that, trusted CGI-BIN processes could probably be used to get around security concerns (takes some work). I've been wondering if many of these FTP/SSH/Hosting sites have since moved to docker or some containerization tech.

All this assuming the hacker would use a gift card to get a paid account to start.

3 comments

Standard containerization technology (e.g. docker) isn’t designed to sandbox untrusted code.
Do tell what is designed to sandbox untrusted code
AWS has written Firecracker for this purpose: https://firecracker-microvm.github.io/
I have a shared hosting account with Dreamhost. A while back I went looking for accessible stuff under other users' accounts. It was fairly easy to find both readable and writable directories.

This was a while ago so I don't know if they found a solution. User home directories are private but you can easily guess common paths under them (e.g. WordPress).

`wp-content/uploads` that everyone set to 777 because WordPress used to (maybe still does?) have obtuse documentation on how to make this writable in a safe way.
I know of a legacy hosting solution that uses shared disks, but they also use a chroot wrapper for the sftp access to make sure a misuse of chmod doesn't leak data to other customers.

Allowing executable code (CGI, PHP) in such an environment is just a recipe for trouble.
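
Added example, not written by anyone in the thread: a self-audit a shared-hosting customer can run over their own home directory to see what the comments above describe, namely files and directories that another local account can reach through mode bits alone, including the case where the home directory cannot be listed but paths under it can be guessed. The function name `audit_home` and the finding labels are illustrative, and the check assumes plain Unix mode bits with no ACLs, chroot or container isolation.

```python
import os
import stat


def audit_home(home):
    """List what a local user outside the owner and group can reach under home.

    Assumptions: classic mode bits only (no POSIX ACLs, no chroot or
    per-user namespaces), and every directory above `home` is searchable.
    Returns sorted (relative_path, finding) tuples.
    """
    home = os.path.abspath(home)
    findings = []
    # Without o+x on the home directory nothing below it is reachable.
    if not os.stat(home).st_mode & stat.S_IXOTH:
        return findings
    stack = [(home, True)]
    while stack:
        directory, parents_listable = stack.pop()
        # o+r on a directory lets others list names; o+x alone still lets
        # them open any entry whose name they can guess.
        mode = os.stat(directory).st_mode
        listable = parents_listable and bool(mode & stat.S_IROTH)
        how = "listable" if listable else "guessable path"
        for name in os.listdir(directory):
            path = os.path.join(directory, name)
            st = os.lstat(path)  # lstat: symlinks are not followed
            rel = os.path.relpath(path, home)
            other_r = bool(st.st_mode & stat.S_IROTH)
            other_w = bool(st.st_mode & stat.S_IWOTH)
            if stat.S_ISDIR(st.st_mode):
                if not st.st_mode & stat.S_IXOTH:
                    continue  # others cannot enter: subtree is private
                if other_w:
                    findings.append((rel, "world-writable directory, " + how))
                stack.append((path, listable))
            elif stat.S_ISREG(st.st_mode):
                if other_w:
                    findings.append((rel, "world-writable file, " + how))
                elif other_r:
                    findings.append((rel, "world-readable file, " + how))
    return sorted(findings)


if __name__ == "__main__":
    for rel, finding in audit_home(os.path.expanduser("~")):
        print(f"{finding}: {rel}")
```

An empty result means the mode bits alone expose nothing to other accounts; it says nothing about what CGI or PHP running under a shared web-server user can read.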