On Tue, 24 Oct 2006, Jeff Dike wrote:
> On Tue, Oct 24, 2006 at 10:35:22AM -0700, Christopher Marshall wrote:
>> Would running a UML instance from a user account with no priviledges
>> on the host be sufficient to prevent a root process controlled by a
>> malicious user running within the UML from taking any possible
>> advantage of the host?
>
> At most, the malicious user would be able to get whatever priviliges
> the user running the UML has (in your scenario, that would be none).
>
>> I realize that it is probably advisable (due to bugs not currently
>> known) to run the UML instance from within a chroot containing only
>> the UML kernel and its filesystem image and a few device nodes like
>> /dev/net/tun needed to bring up networking, but as far as you know,
>> is it *necessary* to do so?
>
> As far as I know, it's not.
>
> Jeff
>
Jeff,
I justed wanted to say *thanks* for being such a cool project
maintainer and being accessible. I have worked with another project
(sorry, not saying which) and the maintainer is really hard to interact
with or even get any attention from.
All,
And *thanks* goes to all the other contributors as well. Open Source
is great.
Bill Stearns are you still out there? I just realized you taught
one of my SANS security courses. Small world.
--
John P. Mitchell <[EMAIL PROTECTED]>
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
