Dailydave mailing list archives
Re: build an appliance without a shell
From: Darryl Luff <darryl () snakegully nu>
Date: Sun, 07 Mar 2004 21:30:19 +0800
Has anyone tried using User Mode Linux (UML) for this sort of thing? I've been meaning to look at it for a while but haven't had the time. The UML virtual machine is really just a disk image and a usermode app. The disk image doesn't need a shell for admin reasons because you can run admin tasks on the host machine, mounting the disk image (or fiddling with files on a shared mount). So all the UML image needs installed is the software you need to run whatever services it's providing. And the UML can have an accessible IP but the host machine doesn't need one.

Shell == more vulnerable, at a minimum. If you have stuff that needs to be executed in the box, do it in some hardened manner. Run programs to run programs, or at least harden your scripts. The main problem is that most of these "overweight 1-U servers running Linux" also have an unreasonable amount of their "product" constructed from lashed together shell scripts, which requires a shell to execute.

I imagine the UML process isn't bulletproof, but if an attacker doesn't even have /bin/sh, let alone compilers etc, they need to work harder just to get the initial foothold.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
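
The message above describes administering a shell-less guest image from the host by mounting its disk image. The script below is an added example, not part of the original post: run on the host against the mounted guest root, it reports which shells, interpreters and compilers are still in the image and which scripts would break once the shell is removed. The name lists, directory list and mount path are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a guest root filesystem (loop-mounted or unpacked on
# the host) for shells, build tools and scripts that depend on a shell.
# The name lists and directory list are illustrative assumptions.
SHELL_NAMES='sh bash dash ash ksh zsh csh tcsh busybox'
TOOL_NAMES='gcc cc g++ make as ld perl python python3'
BIN_DIRS='bin sbin usr/bin usr/sbin usr/local/bin'
SHEBANG_RE='^#![[:space:]]*/(usr/)?bin/(env[[:space:]]+)?(ba|da|a|k|z|c|tc)?sh([[:space:]]|$)'

# Print guest-relative paths of shells, interpreters and compilers found.
find_shells_and_tools() {
    root=${1%/}
    for d in $BIN_DIRS; do
        for n in $SHELL_NAMES $TOOL_NAMES; do
            # -L also catches symlinks whose target only resolves inside the guest
            if [ -e "$root/$d/$n" ] || [ -L "$root/$d/$n" ]; then
                echo "/$d/$n"
            fi
        done
    done
}

# Print files whose first line is a #! naming a shell; these stop working
# once the shell is removed and must be replaced first.
find_shell_scripts() {
    root=${1%/}
    find "$root" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        if head -n 1 "$f" 2>/dev/null | LC_ALL=C grep -Eq "$SHEBANG_RE"; then
            echo "${f#"$root"}"
        fi
    done
}

# Report both lists; exit status 0 only when the image is free of both.
audit_image_root() {
    present=$(find_shells_and_tools "$1")
    scripts=$(find_shell_scripts "$1")
    if [ -n "$present" ]; then printf 'shells/tools present:\n%s\n' "$present"; fi
    if [ -n "$scripts" ]; then printf 'scripts needing a shell:\n%s\n' "$scripts"; fi
    [ -z "$present" ] && [ -z "$scripts" ]
}

# Usage on the host: ./audit.sh /mnt/guest-root  (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_image_root "$1"; fi
```

File names containing newlines are not handled, and a shell script invoked without a `#!` line will not be listed.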