List Archive: gentoo-security
Headers:
To: gentoo-hardened@g.o
From: 7v5w7go9ub0o <7v5w7go9ub0o@...>
Subject: Re: [gentoo-hardened] Re: Mini Gentoo in VMWare
Date: Sat, 04 Nov 2006 18:47:03 -0500
On Sat, 04 Nov 2006 13:54:56 -0500, John Schember <j5483@...> wrote:

> On Sat, 2006-11-04 at 13:40 -0500, Kwon wrote:
>> Can a hacked instance of VMWare bring down the entire system?
>
> Considering that VMware server uses kernel modules for operation on the
> host system. Also that it likes to run as root (I haven't checked to see
> if it can run as an unprivileged user) and that it wants to use
> xinetd... I would say that you should at least be careful with it.
>

Well, this gets at my original musing...... are you really safer with a
grsecurity-hardened-chrooted VMware application (with root privileges,
that uses at least some of the host's kernel) or a
grsecurity-hardened-chrooted program with no privilege and only the
additional executables necessary to keep it running?

And if the answer is yes, are you significantly safer?

In one sense there'd be a thicker layer between the host and the server,  
but in another sense the added complexity and root host privilege may add  
vulnerabilities?

(Sorry if this is foolish...... the answer seems less than obvious)



-- 
gentoo-security@g.o mailing list




Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
