Secure Coding mailing list archives
RE: virtual server - security
From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Wed, 31 Mar 2004 19:27:28 +0100
You might also consider one of the IPS products (e.g., Okena/Cisco, Entercept/NAI, or PlatformLogic), all of which will allow you to constrain what happens.... and may be somewhat more scalable than VMware if you need to run a bunch of instances of the virtual environment.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Nemec
Sent: Tuesday, March 30, 2004 6:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] virtual server - security

Have you looked at VMware? ( http://www.vmware.com ) It lets you provide an environment at the hardware-like level inside a real box. This way, if the script kiddie gets control of your virtual environment, you can just reset back to a pre-saved state. Meanwhile, the real box is protected from the virtual (at least should be).

On Tue, 30 Mar 2004, Serban Gh. Ghita wrote:

Hello

I am banging my head on the table every day, because I cannot find an elegant and safe solution to secure a virtual shared environment (server).

Take the following facts:
- you have a virtual server (unix) and you have to take care of a lot of clients.
- no one has access to shell, cronjobs or stuff like that, only 21 and 80
- you don't want anyone to get out of his 'box' (eg /home/sasha/)
- you want to allow php, perl or other web languages to run safely and at the same time with _almost_ all features.
- in php (because this is one of the most used languages for web - for mostly endusers), I have options like safe_mode, but if I activate that, many functions and features will not work. I know (because I tested) that the best solution is open_basedir, but I cannot create a restriction like that for each user, or at least I don't know how to do that.

My problem is that I tested some script-kiddies local exploits (php, perl) and the system is vulnerable, the user can get out of his box and see system files (etc/passwd, other dirs).

What are the options here? Any paper or book written about this?

Thanks
Serban Gh. Ghita
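The per-user open_basedir restriction asked about in the quoted message can be set once per hosted account in the web server configuration. The script below is an added example, not code from anyone in this thread: it assumes Apache with mod_php and a /home/<user>/ layout, and the user names, domains and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit one Apache <VirtualHost> block per hosted user, each
# pinning PHP's open_basedir to that user's home directory.
# Assumptions: mod_php, homes under /home/<user>/, constructed users/domains.

# Accept only plain tokens so a crafted name or domain cannot widen the
# path ("../") or smuggle extra directives into the generated config.
valid_user()   { case "$1" in ''|*[!a-z0-9_-]*) return 1 ;; esac; }
valid_domain() { case "$1" in ''|*[!a-z0-9.-]*) return 1 ;; esac; }

# Print the vhost block for one user/domain pair.
vhost_for() {
    user=$1 domain=$2
    valid_user "$user"     || { echo "rejected user: $user" >&2; return 1; }
    valid_domain "$domain" || { echo "rejected domain: $domain" >&2; return 1; }
    home="/home/$user"
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $home/public_html
    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # Trailing slash: on PHP versions that treat the value as a prefix,
    # "$home" alone would also match ${home}2.
    php_admin_value open_basedir "$home/"
    php_admin_value upload_tmp_dir "$home/tmp"
</VirtualHost>
EOF
}

# Read "user domain" lines on stdin and emit every block; stop on bad input.
gen_all() {
    while read -r user domain; do
        [ -n "$user" ] || continue
        vhost_for "$user" "$domain" || return 1
    done
}

# Constructed sample run; in practice redirect the output to an included file.
printf '%s\n' 'sasha sasha.example' 'maria maria.example' | gen_all
```

open_basedir only constrains PHP's own file functions; Perl or other CGI scripts need a separate control such as running each user's scripts under that user's UID.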