On Mon, Aug 14, 2006 at 09:56:17AM +0200, Stephan Mueller wrote:
> Hi,
>
> is there a way to run/use fuse inside a vguest without risking
> security problems?
we didn't find time to test/analyze fuse inside a guest
yet, but from the top of my head the following security
issues might apply:
- broken/buggy filesystems may crash/hang the kernel
- fuse might add indefinite timeouts, affecting the
other guests (performance wise)
- excessive unlimited dentries and caching could
interfere with other guests (DoS)
> I am currently using the stable tree on a 2.6.17 kernel.
>
> Any hints/ideas welcome! ;)
if you give it a try, I'd suggest to try some evil
attacks inside a guest, to figure what can be done :)
(and of course, keep us posted)
best,
Herbert
> Cheers,
>
> Steph.
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu Aug 17 22:13:53 2006