Re: [Vserver] secure a guest against the host's root-account:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] secure a guest against the host's root-account

From: Sebastian Harl <sh_at_tokkee.org>
Date: Mon 24 Apr 2006 - 22:27:32 BST
Message-ID: <20060424212731.GC15077@albany.tokkee.org>

Hi there,

> Q: Is there a way to prevent that a superuser on the host system can

Well, usually one characteristic of a superuser is the right to do
_everything_. Even if you use something like SELinux or whatever, most
superusers have physical access to their machines in one way or another.

IMHO the best way to prevent a superuser from having access to sensible data
is to use some form of PGP/GnuPG (or the like) encryption. But even then the
superuser is able to read the memory of running processes...

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl
GnuPG-ID: 0x8501C7FC
http://tokkee.org/

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

application/pgp-signature attachment: Digital signature

Received on Tue Apr 25 17:14:15 2006

This message: [ Message body ]
Next message: Herbert Poetzl: "Re: [Vserver] secure a guest against the host's root-account"
Previous message: Guenther Fuchs: "[Vserver] [x86] 2.6.16.8(9)-vs2.0.2-rc17 works with FC5"
In reply to: Oliver Welter: "[Vserver] secure a guest against the host's root-account"
Next in thread: Herbert Poetzl: "Re: [Vserver] secure a guest against the host's root-account"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 25 Apr 2006 - 17:14:25 BST by hypermail 2.1.8