Hi All -
In terms of Vserver security, I was hoping to get some community input
on the following:
1) I'm running gnome including Firefox in my vserver guests . Is it a
correct assumption that such a guest is susceptible to the types of
kernel exploits that would allow an attacker to take control of the
guest as root (e.g., maybe some sort of sql injenction off of an
infected website)? I.e., does the guest architecture per se eliminate
this sort of risk? Or is the best one can do is to use a current
kernel, keep the guest patched etc.?
2) Should such an attack succeed, could the attacker then begin to
attack other guests on the network?
3) My guests are on a different subnet than the host. Should such an
attack succeed in a guest, could it mount a successful attack on the
host over the network if the host had iptables in place, was up to date
in its patches etc.?
Thanks for any input.
Received on Sun Jan 19 15:02:12 2014