|
List Info Thread: Mini Gentoo in VMWare
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
Mini Gentoo in VMWare |
|
List Info Thread: Mini Gentoo in VMWare
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
yahoo.com> wrote:
> On Sat, 2006-11-04 at 13:40 -0500, Kwon wrote:
>> Can a hacked instance of VMWare bring down the
entire system?
>
> Considering that VMware server uses kernel modules for
operation on the
> host system. Also that it likes to run as root (I
haven't checked to see
> if it can run as an unprivileged user) and that it
wants to use
> xinetd... I would say that you should at least be
careful with it.
>
Well, this gets at my original musing...... are you really
safer with a
grsecurity-hardened-chrooted VMware application (with root
privileges,
that uses at least some of the host's kernel) or a
grsecurity-hardened-chrooted program with no privilege and
only the
additional executables necessary to keep it running.
And if the answer is yes, are you significantly safer?
In one sense there'd be a thicker layer between the host and
the server,
but in another sense the added complexity and root host
privilege may add
vulnerabilities?
(Sorry if this is foolish...... the answer seems less than
obvious)
--
gentoo-security