Re: [Vserver] fuse in vguest without security problems?

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Thu 17 Aug 2006 - 22:13:31 BST
Message-ID: <20060817211331.GB2125@MAIL.13thfloor.at>

On Mon, Aug 14, 2006 at 09:56:17AM +0200, Stephan Mueller wrote:
> Hi,
>
> is there a way to run/use fuse inside a vguest without risking
> security problems?

we didn't find time to test/analyze fuse inside a guest
yet, but from the top of my head the following security
issues might apply:

 - broken/buggy filesystems may crash/hang the kernel
 - fuse might add indefinite timeouts, affecting the
   other guests (performance wise)
 - excessive unlimited dentries and caching could
   interfere with other guests (DoS)

> I am currently using the stable tree on a 2.6.17 kernel.
>
> Any hints/ideas welcome! ;)

if you give it a try, I'd suggest to try some evil
attacks inside a guest, to figure what can be done :)
(and of course, keep us posted)

best,
Herbert

> Cheers,
>
> Steph.
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu Aug 17 22:13:53 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 17 Aug 2006 - 22:13:58 BST by hypermail 2.1.8