Herbert Poetzl escribió:
> not unexpected, giving any capabilities beyond the
> default set can be considered a (sometimes severe)
> reduction in guest security (i.e. you are handing
> over control to host specific parts which can be
> used either for DoS or in most cases direct control
> over host specific entities)
Well... in a controlled environment -intranet server- I think it's safe.
> CAP_NET_BROADCAST is not critical, as it is currently
> unused :)
Hmmm... That's why this email suggest to add a 'nodev' interface?
http://www.mail-archive.com/vserver@list.linux-vserver.org/msg08832.html
I've running samba guest servers and sometimes I've suffered problems related to nmbd.
What is the point of the setup explained in that mail?
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu May 10 08:41:00 2007