From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 27 Apr 2005 - 18:13:05 BST
On Wed, Apr 27, 2005 at 06:49:21PM +0200, Oliver Dietz wrote:
> Hi Oliver,
>
> >>Would you give anyone (that you don't know realy good) root-access to a
> >>(correctly configured) vserver, when the host-system is a sensible
> >>productive system?
> >
> >As there are a lot of companys outside who sell vServer's on their
> >systems I think - yes you can ;)
>
> ok, that a good point/answer :-))
>
> >vServer has mulitple securitty features to prevent people from breaking
> >out of a context - I dont know if there is no way, but at least there is
> >no known one at the moment
>
> I'm trying a few days now to get the infomarions from all the "papers" on
> linux-vserver.org together ... but it's realy hard to find the "red line"
> through all that ... so i'm not realy sure if i've done all correct and if
> my vserver is secure (i'm no real linux-inside) isolated ...
>
> Is there a tool (like testme.sh) that tests the common (maybe also
> uncommon) possibilities of misconfigurations (like the capabilities and
> chroot-exploids) from inside the VServer?
not yet, but sounds like something useful to me ...
any volunteers?
best,
Herbert
> Thanks!
> Oliver
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver