[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: using sarge on production machines

Marc Haber schrieb am Friday, den 18. February 2005:

> On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote:
> > --- Marc Haber <mh+debian-security@zugschlus.de> wrote:
> > > What does this gain you? A compomised uml is as bad as a compromised
> > > system.
> > 
> Nice idea. However, if somebody roots one of the UML installation,
> that somebody can probably escape out of the UML and gain user
> privileges on the host system and then use one of the numerous kernel
> vulnerabilities (I have long lost track of them) to escalate to root
> on the host system.
> I am quite sceptical about using UML to allow security flaws in UMLled
> system components.

Have a look at vservers (http://linux-vserver.org/), designed
specifically to fix the problems that can be circumvented with
chroots, take up significantly less resources than UMLs, and are
really quite cool. 


Reply to: