<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2657.73">
<TITLE>RE: chroot breakout (was: Xen 2.0 Virtual Machine)</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Brian Densmore wrote:</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>>> Garrett Goebel wrote:</FONT>
<BR><FONT SIZE=2>>></FONT>
<BR><FONT SIZE=2>>>> Have you tried to just chroot into another one? </FONT>
<BR><FONT SIZE=2>>> For _a_ test environment, that's fine. But not for running multiple </FONT>
<BR><FONT SIZE=2>>> simultaneous test environments, or giving away root accounts.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>Are you saying that you can't open up multiple CLIs and run chroot in</FONT>
<BR><FONT SIZE=2>>as many simultaneous instances as memory and disk space allow? </FONT>
</P>
<P><FONT SIZE=2>Sure, but instances of what? Processes, not kernels. You couldn't, for instance, test the setup of a high availability cluster...</FONT></P>
<BR>
<P><FONT SIZE=2>>[somewhat OT: ]</FONT>
<BR><FONT SIZE=2>>Also if one can break out</FONT>
<BR><FONT SIZE=2>>of a chroot environment then they have the skill to own the machine</FONT>
<BR><FONT SIZE=2>>anyway. You need to be able to find and use a security flaw on the</FONT>
<BR><FONT SIZE=2>>machine that would give you root access and have access inside of</FONT>
<BR><FONT SIZE=2>>the chrooted environment to a compiler or perl interpreter. So the</FONT>
<BR><FONT SIZE=2>>fact that one could own a machine from inside a chroot environment</FONT>
<BR><FONT SIZE=2>>doesn't increase the possibility that someone could get root access.</FONT>
</P>
<P><FONT SIZE=2>Unless of course you _want_ to give someone root access without fear that they can subvert their host. Chroot is fine for running services under a low privilege account in a jail. It isn't a cure-all.</FONT></P>
<BR>
<P><FONT SIZE=2>>Although what that has to do with wanting to run a VM, which is what</FONT>
<BR><FONT SIZE=2>>this thread is about, eludes me. In order to run a VM a user would</FONT>
<BR><FONT SIZE=2>>need an account on your box, and if they are going to crack your</FONT>
<BR><FONT SIZE=2>>system and have the knowledge to break out of a chrooted environment,</FONT>
<BR><FONT SIZE=2>>then they can own your box from their user account. </FONT>
</P>
<P><FONT SIZE=2>In order to run a UML VM on a box, you need to run a UML instance which the end user could log into. They don't need _access_ to an account on the UML host, except to the extent that the UML instance would be running under some set of credentials.</FONT></P>
<P><FONT SIZE=2>With UML I can give anyone I wish a root account on their own virtual Linux box... I still have to worry about them misusing it or being penetrated, but not so much about attempts to subvert the UML host. I think UML is a promising choice for ISPs who offer co-hosting services.</FONT></P>
<P><FONT SIZE=2>--</FONT>
<BR><FONT SIZE=2>Garrett Goebel</FONT>
<BR><FONT SIZE=2>IS Development Specialist</FONT>
</P>
<P><FONT SIZE=2>ScriptPro Direct: 913.403.5261</FONT>
<BR><FONT SIZE=2>5828 Reeds Road Main: 913.384.1008</FONT>
<BR><FONT SIZE=2>Mission, KS 66202 Fax: 913.384.2180</FONT>
<BR><FONT SIZE=2>www.scriptpro.com garrett at scriptpro dot com</FONT>
</P>
<BR>
</BODY>
</HTML>