On Tue, Oct 24, 2006 at 10:35:22AM -0700, Christopher Marshall wrote:
> Would running a UML instance from a user account with no priviledges
> on the host be sufficient to prevent a root process controlled by a
> malicious user running within the UML from taking any possible
> advantage of the host?
At most, the malicious user would be able to get whatever priviliges
the user running the UML has (in your scenario, that would be none).
> I realize that it is probably advisable (due to bugs not currently
> known) to run the UML instance from within a chroot containing only
> the UML kernel and its filesystem image and a few device nodes like
> /dev/net/tun needed to bring up networking, but as far as you know,
> is it *necessary* to do so?
As far as I know, it's not.
Jeff
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
