About this list Date view Thread view Subject view Author view Attachment view

From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Sun 07 Mar 2004 - 18:17:01 GMT


> inside a vserver and allows to become root inside the vserver. Of course
> this does not allow to break out of the vserver completly, but if you
 I don't think 'Of course' is the right word here. Almost any kernel root
vulnerability leads to breaking out of vserver chroot in the right( err...
wrong ) hands. Fortunatelly xploit writers tend to ignore vserver
enviroment, so luckily ( I think a bit better suited expression then 'Of
course' for this situation ) most of latest exploits land your right back
inside vserver you started from.

 What vserver protects from is faults in user suid programs/daemons.

 To be protected(?) from kernel vulnerabilities you need UML-style
solutions, of course, once someone roots uml, there's very little stopping
him from breaking out of UML and running exploit outside.

-- 
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
We're giving you a new chance in life, and an opportunity
 to screw it up in a new, original way.
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sun 07 Mar 2004 - 18:19:30 GMT by hypermail 2.1.3