Re: [Openvds-devel] Control Panel for OpenVDS-2
From: Paul Sladen
Subject: Re: [Openvds-devel] Control Panel for OpenVDS-2
Date: Mon, 14 Jan 2002 13:52:27 +0000 (GMT)

On Mon, 14 Jan 2002, Wim Godden wrote:
>
> Isn't that a bit risky? If those users will be root (even if chrooted), they
> will run processes as root as well, right?

You'll have to have some *tight* capabilities; consider that:

a) root can create a hard link to inode zero (jail busted).
b) do anything they want with /proc/kcore (*whatever* to *whoever*).

The only thing I saw in the BSD jail() was locking all communications to a
specific IP address; currently the default BIND in VSD is the
hosting-server's IP address, and secondly, there's no checking against
binding against 0.0.0.0 (i.e., everyone else's IP too).

Again the BSD jail() is actually relying on *capabilities* offered within
the BSD process system (and the extra entry in the PS struct that ensures
pass-down of the restrictions from father to child). This would be a useful
thing to have; however...

-Paul
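
The missing bind check mentioned in the message above can be sketched as follows. This is an added example, not part of the original post and not OpenVDS or VSD code: `vds_bind_allowed()` and `vds_check()` are hypothetical names, and the policy assumes each virtual server is assigned exactly one IPv4 address. It goes beyond the 0.0.0.0 case in the message by also covering the IPv6 wildcard and IPv4-mapped IPv6 addresses.

```c
/* Added example, not OpenVDS code: vds_bind_allowed() and vds_check() are
 * hypothetical names, and the addresses used with them are constructed. */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Return 1 only if `sa` names exactly the one IPv4 address assigned to the
 * virtual server. 0.0.0.0 and "::" match nothing and are therefore refused. */
int vds_bind_allowed(const struct sockaddr *sa, socklen_t len,
                     struct in_addr assigned)
{
    if (sa == NULL || len < (socklen_t)sizeof(sa->sa_family) ||
        assigned.s_addr == htonl(INADDR_ANY)) /* misconfigured assignment */
        return 0;
    if (sa->sa_family == AF_INET) {
        struct sockaddr_in in4;
        if (len < (socklen_t)sizeof(in4))
            return 0;
        memcpy(&in4, sa, sizeof(in4));
        return in4.sin_addr.s_addr == assigned.s_addr;
    }
    if (sa->sa_family == AF_INET6) {
        struct sockaddr_in6 in6;
        if (len < (socklen_t)sizeof(in6))
            return 0;
        memcpy(&in6, sa, sizeof(in6));
        /* Native IPv6 and the "::" wildcard are outside the assignment; only
         * the IPv4-mapped form ::ffff:a.b.c.d can name the assigned address. */
        if (!IN6_IS_ADDR_V4MAPPED(&in6.sin6_addr))
            return 0;
        return memcmp(&in6.sin6_addr.s6_addr[12], &assigned.s_addr, 4) == 0;
    }
    return 0; /* other address families are not covered by this policy */
}

/* Convenience wrapper for text input: parse both addresses, apply the policy. */
int vds_check(int family, const char *addr, const char *assigned_ip)
{
    struct sockaddr_in in4 = { .sin_family = AF_INET };
    struct sockaddr_in6 in6 = { .sin6_family = AF_INET6 };
    struct in_addr assigned;
    if (inet_pton(AF_INET, assigned_ip, &assigned) != 1)
        return 0;
    if (family == AF_INET && inet_pton(AF_INET, addr, &in4.sin_addr) == 1)
        return vds_bind_allowed((struct sockaddr *)&in4, sizeof(in4), assigned);
    if (family == AF_INET6 && inet_pton(AF_INET6, addr, &in6.sin6_addr) == 1)
        return vds_bind_allowed((struct sockaddr *)&in6, sizeof(in6), assigned);
    return 0;
}
```

A check like this only holds if it is enforced where the confined root user cannot bypass it, and if it is inherited by every child process, which is the pass-down property the message attributes to jail().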