[vserver] Vserver Kernel Exploits

From: Ted Barnes <madogdevelopment_at_gmail.com>
Date: Sun 19 Jan 2014 - 14:55:22 GMT
Message-ID: <52DBE75A.80001@gmail.com>

Hi All -

In terms of Vserver security, I was hoping to get some community input
on the following:

1) I'm running GNOME including Firefox in my vserver guests. Is it a
correct assumption that such a guest is susceptible to the types of
kernel exploits that would allow an attacker to take control of the
guest as root (e.g., maybe some sort of SQL injection off of an
infected website)? I.e., does the guest architecture per se eliminate
this sort of risk? Or is the best one can do to use a current
kernel, keep the guest patched etc.?

2) Should such an attack succeed, could the attacker then begin to
attack other guests on the network?

3) My guests are on a different subnet than the host. Should such an
attack succeed in a guest, could it mount a successful attack on the
host over the network if the host had iptables in place, was up to date
in its patches etc.?

Thanks for any input.
Received on Sun Jan 19 15:02:12 2014
