Re: [Vserver] secure a guest against the host's root-account:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] secure a guest against the host's root-account

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Mon 24 Apr 2006 - 15:16:07 BST
Message-ID: <20060424141607.GD29801@MAIL.13thfloor.at>

On Mon, Apr 24, 2006 at 08:02:43AM +0200, Oliver Welter wrote:
> Hi Folks,
>
> this might be a strange question for some of you as it is more an
> academical interesst, but I hope you can help me out ;)
>
> Q: Is there a way to prevent that a superuser on the host system can
>
> * see process of a guest
> * enter a guest
> * receive any other valuable info from the guest

well, all this is _theoretically_ possible, and in
many cases quite easy, for example the 'enter' part
is already there, just not activated. we could also
hide certain guests or guest processes from the watch
(spectator) context, it would probably be a little
harder with the filesystem though, although private
namespaces could help there too.

the question is, what would stop a malicious user
from using exactly those features to hide evil stuff
from the host admin?

> The idea behind is easy - I want to give away a guest system that
> uses an encrypted filesystem for its sensible data. The guest system
> itsself will provide only very limited access to the data via an API
> and it must be prevented by any means that even the "Bofh" of the host
> can access any of the data....

I can imagine having a kernel compile time option to
enable certain 'security' features ... or disable
certain host admin capabilities

> So, is there any way to do this?

definitely, if you plan to pursue this direction,
please contact me and I will see what I can do.

best,
Herbert

> I guess that SELinux/GR will offer some pointers to forbid root these
> actions, but are there any "easier" ways ??
>
> Oliver
> --
> Diese Nachricht wurde digital unterschrieben
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Basiszertifikat: http://www.ldv.ei.tum.de/page72

> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Apr 25 17:17:12 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 25 Apr 2006 - 17:17:17 BST by hypermail 2.1.8