Re: [vserver] Are bind mounts to outside the /vserver base a security risk?:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] Are bind mounts to outside the /vserver base a security risk?

From: Johan <list.vserver_at_centerpoint.be>
Date: Mon 19 Nov 2007 - 16:41:54 GMT
Message-ID: <20071119174154.arbyj2jw844ck0c8@webmail.centerpoint.be>

Hi Ed,

Quoting Ed W <lists@wildgooses.com>:

> If I have my chroot barrier set on /vserver and then bind mount (for
> some reason) something from /var/xxx into a vserver, does this then
> offer an (accidental) way to break out of the chroot using some kind of
> ".." attack on the bind mount?

I don't think mounting another device poses a big _additional_ security risk.

But, if you are concerned about breaking out of virtual hosts, than
you probably have other worries, as virtual servers are not meant for
security purposes.

Best regards,

Johan.
Received on Mon Nov 19 16:42:39 2007

This message: [ Message body ]
Next message: Daniel Hokka Zakrisson: "Re: [vserver] Are bind mounts to outside the /vserver base a security risk?"
Previous message: Daniel Hokka Zakrisson: "Re: [vserver] /proc/asound in a virtual host?"
In reply to: Ed W: "[vserver] Are bind mounts to outside the /vserver base a security risk?"
Next in thread: Daniel Hokka Zakrisson: "Re: [vserver] Are bind mounts to outside the /vserver base a security risk?"
Reply: Daniel Hokka Zakrisson: "Re: [vserver] Are bind mounts to outside the /vserver base a security risk?"
Reply: Guenther Fuchs: "Re: [vserver] Are bind mounts to outside the /vserver base a security risk?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 19 Nov 2007 - 16:42:46 GMT by hypermail 2.1.8