
From: Christian Mayrhuber (christian.mayrhuber_at_gmx.net)
Date: Sun 13 Apr 2003 - 15:43:30 BST


On Sunday, 13 April 2003 16:11 you wrote:
> Christian Mayrhuber wrote:
> >On Sunday, 13 April 2003 08:33 you wrote:
> >
> >Do not mount devfs in a virtual server, because you will lose all
> > security. As far as I know, only the following devices are safe:
> >full log null ptmx pts random tty urandom xconsole zero
>
> Ah.
>
> so is there something in the context patch that prevents the mknod
> command from making devices and allowing people to subvert security?
>
> Eric

Exactly, it takes away the CAP_MKNOD and most other capabilities, see:
/usr/include/linux/capability.h and
http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=2&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0

-- 
Regards, Chris
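
An added example, not part of the original message or of the vserver project: a check meant to run inside a virtual server that decodes the effective capability mask to confirm CAP_MKNOD is gone and flags character or block device nodes in /dev outside the list quoted above. It assumes the `CapEff:` field of `/proc/self/status` as found on current Linux kernels; the function names and the sample masks are constructed for illustration.

```python
import os
import stat

# Bit numbers as defined in /usr/include/linux/capability.h
CAPS = {"CAP_CHOWN": 0, "CAP_NET_ADMIN": 12, "CAP_SYS_MODULE": 16,
        "CAP_SYS_RAWIO": 17, "CAP_SYS_ADMIN": 21, "CAP_MKNOD": 27}

# Device names given as safe in the quoted message
SAFE_DEVICES = {"full", "log", "null", "ptmx", "pts", "random", "tty",
                "urandom", "xconsole", "zero"}

# Constructed samples of /proc/<pid>/status content (not captured output)
SAMPLE_FULL = "Name:\tbash\nCapEff:\t00000000ffffffff\n"
SAMPLE_RESTRICTED = "Name:\tbash\nCapEff:\t0000000000000001\n"


def effective_caps(status_text):
    """Return the names from CAPS whose bit is set in the CapEff mask."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            return {name for name, bit in CAPS.items() if (mask >> bit) & 1}
    raise ValueError("no CapEff line in status text")


def unexpected_devices(entries):
    """entries: iterable of (name, st_mode). Return the sorted names of
    character/block device nodes that are not in SAFE_DEVICES."""
    return sorted(name for name, mode in entries
                  if (stat.S_ISCHR(mode) or stat.S_ISBLK(mode))
                  and name not in SAFE_DEVICES)


def scan_dev(dev_dir="/dev"):
    """Collect (name, st_mode) for each entry directly under dev_dir."""
    return [(n, os.lstat(os.path.join(dev_dir, n)).st_mode)
            for n in os.listdir(dev_dir)]


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        caps = effective_caps(fh.read())
    print("CAP_MKNOD held:", "CAP_MKNOD" in caps)
    print("device nodes outside the safe list:", unexpected_devices(scan_dev()))
```
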


Generated on Sun 13 Apr 2003 - 15:58:01 BST by hypermail 2.1.3