On Sat, 04 Nov 2006 13:54:56 -0500, John Schember <j5483@×××××.com> wrote:

> On Sat, 2006-11-04 at 13:40 -0500, Kwon wrote:
>> Can a hacked instance of VMWare bring down the entire system?
>
> Considering that VMware server uses kernel modules for operation on the
> host system. Also that it likes to run as root (I haven't checked to see
> if it can run as an unprivileged user) and that it wants to use
> xinetd... I would say that you should at least be careful with it.
>

Well, this gets at my original musing...... are you really safer with a
grsecurity-hardened-chrooted VMware application (with root privileges,
that uses at least some of the host's kernel) or a
grsecurity-hardened-chrooted program with no privilege and only the
additional executables necessary to keep it running.

And if the answer is yes, are you significantly safer?

In one sense there'd be a thicker layer between the host and the server,
but in another sense the added complexity and root host privilege may add
vulnerabilities?

(Sorry if this is foolish...... the answer seems less than obvious)

--
gentoo-security@g.o mailing list