From: edward_at_paradigm4.com.au
Date: Thu 24 Jan 2002 - 04:34:20 GMT
------- Forwarded message follows -------
Send reply to: <support_at_nsnoc.com>
From: "John Lyons" <support_at_nsnoc.com>
To: <edward_at_paradigm4.com.au>
Subject: RE: vproc
Date sent: Wed, 23 Jan 2002 11:22:58 -0000
> Coming to think of it, there are some non-pid /proc entries
> that may be useful to have
> inside vserver, e.g. /proc/net/tcp, /proc/net/udp etc.., used
> by netstat.
> It would be cool to filter these and only show connections
> related to this vserver.
>
> ifconfig is using ioctl not proc so it will reveal the
> network interface info
> which is not a big drama but would be nice to isolate that too.
This is one of the things that I was a little iffy about. ifconfig will show
users how many other servers they're sharing with and their IP addresses.
My concern was that if they had sufficient access to have ifconfig output
info like that they may have enough access to have a sniffer pull all
traffic from the network interface. I've been assured that this isn't
possible but I'm still going to put a packet sniffer on a vserver just to
satisfy myself.
------- End of forwarded message -------