From: klavs klavsen (kl_at_vsen.dk)
Date: Wed 06 Mar 2002 - 16:20:27 GMT
Just studied jail a little... found missing info on chcontext
functionality. The answers to the questions below I think would be great
additions to the chcontext man page.
Quote from the FAQ (jail vs. vserver):
> The new_s_context is not privileged, so a normal user can use this to,
> for example, setup a personal security box before executing a
If I start my services (on main vserver) with chcontext, does this mean
that if one of the services (started from the same vserver as the
others) got hacked, the hacker wouldn't be able to access any other
it only separates processes, so wouldn't the hacker just be able to
"screw up" all the files..
And if he local exploit in a program he could achieve vserver "root",
and then just stop the processes?
If so, is there any security context where using chcontext within a
vserver would help any?
-- Regards, Klavs Klavsen
-------------| This mail has been sent to you by: |------------
Klavs Klavsen - Open Source Consultant
kl_at_vsen.dk - http://www.vsen.dk
Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA
Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA
--------------------[ I believe that... ]-----------------------
It is a myth that people resist change. People resist what other
people make them do, not what they themselves choose to do... That's
why companies that innovate successfully year after year seek their
people's ideas, let them initiate new projects and encourage more
experiments.
-- Rosabeth Moss Kanter