[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: using sarge on production machines

--- Marc Haber <mh+debian-security@zugschlus.de> wrote:
> Nice idea. However, if somebody roots one of the UML installation,
> that somebody can probably escape out of the UML and gain user
> privileges on the host system and then use one of the numerous kernel
> vulnerabilities (I have long lost track of them) to escalate to root
> on the host system.

I can't guarantee 100% security but I can make it harder for someone to
do it, its a trade off.

As for gaining user rights on the host. Each user has passwords
disabled and is in a chroot jail. The kernel is statically linked so
there are 2 files in the jail, the kernel and the filesystem. 

It might not be bullet but then I have yet to hear of anything that is.
> I am quite sceptical about using UML to allow security flaws in
> UMLled system components. 

Thats not what I am doing, I offer UML accounts because people want
root on a machine. I am certainly not about to give them all root on
the host.


Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 

Reply to: