Re: using sarge on production machines
Marc Haber wrote on Friday, 18 February 2005:
> On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote:
> > --- Marc Haber <mh+debian-security@zugschlus.de> wrote:
> > > What does this gain you? A compromised uml is as bad as a compromised
> > > system.
> >
> Nice idea. However, if somebody roots one of the UML installations,
> that somebody can probably escape out of the UML and gain user
> privileges on the host system and then use one of the numerous kernel
> vulnerabilities (I have long lost track of them) to escalate to root
> on the host system.
>
> I am quite sceptical about using UML to allow security flaws in UMLled
> system components.
Have a look at vservers (http://linux-vserver.org/), designed
specifically to fix the problems that can be circumvented with
chroots, take up significantly less resources than UMLs, and are
really quite cool.
micah