Re: [vserver] port restrictions


From: klavs klavsen (
Date: Thu Aug 01 2002 - 06:23:22 EDT

On Thu, 2002-08-01 at 10:07, Paul Sladen wrote:
> On 1 Aug 2002, klavs klavsen wrote:
> >
> > These measures would greatly enhance the vserver security, as a hacker
> > who got hold of root in your vserver would not be able to install a
> > common root kit for instance.
> You *have* root in a vserver. Isn't that the whole point?

You don't have root in the original sense, as you are without the
capabilities that are root! - to me, that is the whole point (root -
without root's strengths/faults)! For instance, you can't reconfigure
inet interfaces, set an interface into promiscuous mode, you can't
remove files that are set immutable and so on.

The port binding features would just be an added security feature - in
my opinion right along the lines that vserver goes - and which I believe
is why many users use vserver - for the security features, and its

> If you're after a slightly more restrictive setup, you may be more interested
> in FreeVSD which works by having a pseudo-root user `admin' and therefore
> having to proxy anything that does need extra/root permissions, which may
> give you the abstract you seem to be after.
> ..and buy a CD or something from Darren and the gang at Idaya to say thanks.

I have heard nothing good about freevsd, compared to vserver - and also
I can see from the mailing lists, that vserver is MUCH easier to set up,
so no thanks :-)

Klavs Klavsen

-------------| This mail has been sent to you by: |------------
Klavs Klavsen - Open Source Consultant -

Get PGP key from - Key ID: 0x586D5BCA
Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA
--------------------[ I believe that... ]-----------------------
It is a myth that people resist change. People resist what other
people make them do, not what they themselves choose to do... That's
why companies that innovate successfully year after year seek their
people's ideas, let them initiate new projects and encourage more
experiments. -- Rosabeth Moss Kanter
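
Editor's added example (not part of the original message or of the vserver project): a small audit check for the restrictions the post lists, decoding a process's effective capability mask to see whether a uid-0 process may alter immutable files, bind low ports, or reconfigure interfaces. It assumes the restriction is visible as cleared bits in the `CapEff` line of `/proc/<pid>/status`; the sample status excerpts are constructed.

```python
import re

# Bit numbers from <linux/capability.h>; descriptions paraphrase the post.
CAPS = {
    "CAP_LINUX_IMMUTABLE": (9, "remove or alter files set immutable"),
    "CAP_NET_BIND_SERVICE": (10, "bind to ports below 1024"),
    "CAP_NET_ADMIN": (12, "reconfigure interfaces / promiscuous mode"),
}

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
SAMPLE_HOST_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
SAMPLE_GUEST_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffe9ff\nCapBnd:\t000001ffffffe9ff\n"


def parse_status(text):
    """Return the effective uid and every Cap* mask found in a status dump."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"(Cap\w+):\s*([0-9a-fA-F]+)$", line)
        if m:
            out[m.group(1)] = int(m.group(2), 16)
        elif line.startswith("Uid:"):
            out["uid"] = int(line.split()[2])  # fields: real, effective, saved, fs
    return out


def audit(mask):
    """Map each capability of interest to True if its bit is set in mask."""
    return {name: bool(mask >> bit & 1) for name, (bit, _) in CAPS.items()}


def report(status_text):
    """Human-readable lines: effective uid, then one verdict per capability."""
    st = parse_status(status_text)
    lines = [f"euid={st['uid']}"]
    for name, held in audit(st["CapEff"]).items():
        lines.append(f"{'ALLOWED' if held else 'denied '} {name}: {CAPS[name][1]}")
    return lines


if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # live check on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE_GUEST_ROOT  # fall back to the constructed sample
    print("\n".join(report(text)))
```

Both samples report `euid=0`; only the mask distinguishes a fully privileged root from one that has lost these three operations.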


This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT