Re: using sarge on production machines
--- Marc Haber <firstname.lastname@example.org> wrote:
> Nice idea. However, if somebody roots one of the UML installation,
> that somebody can probably escape out of the UML and gain user
> privileges on the host system and then use one of the numerous kernel
> vulnerabilities (I have long lost track of them) to escalate to root
> on the host system.
I can't guarantee 100% security but I can make it harder for someone to
do it, its a trade off.
As for gaining user rights on the host. Each user has passwords
disabled and is in a chroot jail. The kernel is statically linked so
there are 2 files in the jail, the kernel and the filesystem.
It might not be bullet but then I have yet to hear of anything that is.
> I am quite sceptical about using UML to allow security flaws in
> UMLled system components.
Thats not what I am doing, I offer UML accounts because people want
root on a machine. I am certainly not about to give them all root on
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!