
From: Thomas Weber (l_vserver_at_mail2news.4t2.com)
Date: Thu 13 Jan 2005 - 16:55:13 GMT

[and this time to the list also]

On Thu, Jan 13, 2005 at 05:12:43PM +0100, Herbert Poetzl wrote:
> > No capability module/support in kernel -> the shutdown scripts inside
> > the vserver shut down all my network interfaces of the whole box.
> now the question arises, why do the shutdown scripts
> do that at all?

well, it's the default /etc/init.d/networking stop doing an ifdown -a
on a Debian system.

> > So I think the util-vserver package should make sure that there is
> > capability support in the kernel before starting the vserver or else it
> > will silently run insecure vservers!
> well, IMHO that is something beyond the scope of
> util-vserver. why? simple, you would encounter the
> same issues on a vanilla system, if you do not load
> or compile in the capability stuff, similar to the
> issues you will encounter if you do not compile in
> support for ipv4, which clearly is _not_ something
> util-vserver should take care of when starting a
> new vserver ...

I don't think it's much different than checking the permissions of
/vservers and giving a warning...

> > this was with 2.6.9+vs1.9.3 and util-vserver 0.30.196
> as beforementioned a clean vserver config should not
> touch the hardware (and therefore not take down the
> interfaces) regardless of the capabilities (i.e. the
> admin should have cleaned them up)

even a clean vserver config given away to a customer can end up in an
'unclean' vserver - customers doing updates or maybe even intentionally
writing /etc/init.d/ scripts which will then be run from outside the
vserver by root on the host. And this is something I consider a serious
security problem.
So at least a warning message should be printed!

I don't consider myself a newbie, and I've been running vservers for quite
some time now - this wasn't a known issue to me and it's not very
obvious to figure out. Yet I'm glad this was a problem for me, because
an as you call it 'clean vserver config' would not have triggered this
behaviour and maybe I would now run totally insecure vservers without
knowing. Maybe there are already lots of insecure vservers up and
running out there.

Vserver mailing list
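
The kind of pre-flight warning discussed in this message can be approximated from the host by inspecting the effective capability mask of a process running inside the guest. The script below is an added example, not part of the original message and not util-vserver code; it assumes the kernel exposes a `CapEff` line in `/proc/<pid>/status` and that this mask reflects what is actually enforced. The function names are hypothetical and the sample status files are constructed.

```shell
#!/bin/sh
# Added example: flag guest processes that still hold host-affecting capabilities.
# Function names are hypothetical; bit numbers are from <linux/capability.h>.

# cap_eff STATUS_FILE: print the hex CapEff mask from a /proc/<pid>/status file.
cap_eff() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# has_cap HEXMASK BIT: succeed if capability number BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# risky_caps STATUS_FILE: print the checked capabilities still held.
# Returns 0 if none are held, 1 if any are, 2 if no CapEff line was found.
risky_caps() {
    mask=$(cap_eff "$1")
    if [ -z "$mask" ]; then echo "NO_CAPEFF_LINE"; return 2; fi
    out=""
    for pair in NET_ADMIN:12 SYS_MODULE:16 SYS_RAWIO:17 SYS_ADMIN:21; do
        name=${pair%%:*}; bit=${pair##*:}
        if has_cap "$mask" "$bit"; then out="$out CAP_$name"; fi
    done
    echo "${out# }"
    [ -z "$out" ]
}

# Constructed sample status files (not captured from a real host).
demo=$(mktemp -d)
printf 'Name:\tinit\nCapEff:\t0000003fffffffff\n' > "$demo/unrestricted"
printf 'Name:\tinit\nCapEff:\t00000000a80425fb\n' > "$demo/restricted"
for f in "$demo/unrestricted" "$demo/restricted"; do
    if held=$(risky_caps "$f"); then
        echo "OK: ${f##*/} holds none of the checked capabilities"
    else
        echo "WARNING: ${f##*/} still holds: $held"
    fi
done
rm -rf "$demo"
```

On a live host, point `risky_caps` at the `/proc/<pid>/status` file of a process that belongs to the guest, as seen from the host, and treat any output as a reason to stop before handing the guest to a customer.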
