From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Sun 07 Mar 2004 - 18:17:01 GMT
> inside a vserver and allows to become root inside the vserver. Of course
> this does not allow to break out of the vserver completly, but if you
I don't think 'Of course' is the right word here. Almost any kernel root
vulnerability leads to breaking out of vserver chroot in the right( err...
wrong ) hands. Fortunatelly xploit writers tend to ignore vserver
enviroment, so luckily ( I think a bit better suited expression then 'Of
course' for this situation ) most of latest exploits land your right back
inside vserver you started from.
What vserver protects from is faults in user suid programs/daemons.
To be protected(?) from kernel vulnerabilities you need UML-style
solutions, of course, once someone roots uml, there's very little stopping
him from breaking out of UML and running exploit outside.
-- Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 We're giving you a new chance in life, and an opportunity to screw it up in a new, original way. _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver