
Re: using sarge on production machines



Marc Haber wrote on Friday, 18 February 2005:

> On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote:
> > --- Marc Haber <mh+debian-security@zugschlus.de> wrote:
> > > What does this gain you? A compromised uml is as bad as a compromised
> > > system.
> > 
> Nice idea. However, if somebody roots one of the UML installations,
> that somebody can probably escape out of the UML and gain user
> privileges on the host system and then use one of the numerous kernel
> vulnerabilities (I have long lost track of them) to escalate to root
> on the host system.
> 
> I am quite sceptical about using UML to allow security flaws in UMLled
> system components.

Have a look at vservers (http://linux-vserver.org/), designed
specifically to fix the problems that can be circumvented with
chroots, take up significantly less resources than UMLs, and are
really quite cool. 

micah


