Re: [Vserver] secure a guest against the host's root-account

From: Serge E. Hallyn <serue_at_us.ibm.com>
Date: Tue 25 Apr 2006 - 13:55:25 BST
Message-ID: <20060425125525.GD17408@sergelap.austin.ibm.com>

Quoting Eugen Leitl (eugen@leitl.org):
> On Tue, Apr 25, 2006 at 08:25:37PM +1000, Tony Lewis wrote:
>
> > I think this would be a valuable addition to vservers. One of the risks
> > of "renting" a virtual server (pick your flavour) is that you're not
> > safe from the hosting sysadmin. If vservers could offer something like
>
> You are never safe from the hoster. Either you trust her, or you don't.
> It's as simple as that.
>
> (Or, you bring in sealed tamper-proof hardware, then you have
> some degree of protection).

Agreed.

Now if you *are* the host admin, you can provide the needed
infrastructure so that you can farm out some of the lighter admin work
to "mostly but not quite trusted" sub-admins, and keep them from poking
the vservers.

But you simply cannot protect from the host admin. After all, what
makes him run your new kernel, unpatched? What stops him rebooting, or
poking /dev/kmem, or loading kernel module
"open-up-vservers-like-cracked-eggs.ko"?

-serge
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Apr 25 16:10:14 2006

Generated on Tue 25 Apr 2006 - 16:10:27 BST by hypermail 2.1.8