On Fri, Jun 5, 2009 at 9:54 AM, Izak Burger<[email protected]> wrote: > If you push me for an answer, I'll say qemu, virtualbox and/or vmware > should be safer, but in practice I will likely choose vserver because > there is way less complexity involved and much better performance.
One more thing. You have to factor in the goals of the attacker. If the attacker is only interested in another node in his botnet, he won't care about breaking through to the "host", he may not even care about obtaining root as he may already have sufficient access to run whatever malware he wants to run. He may not even know (nor care) that he's running his software inside a UML (userspace linux) process. I also suspect that the goal of breaking through to the "host" would be to gain access to the other virtual hosts on that machine, and it might be easier to just attack those other virtual hosts directly, or to attack the host itself directly, since it will likely run the same versions of software anyway. While this is no excuse for not picking a secure solution in the first place, I do not currently know of any exploits in linux-vserver, and picking a virtualised solution for marginally better security seems a backwards way to go about things. There are other factors: performance, ease of use, features, portability, that are much more important when making the decision on what virtualisation technique to use. In other words, it might be easier to spend a little more time hardening your virtual hosts (to keep attackers out in the first place) and have a better performing and easier to manage solution, rather than having a very secure but incredibly hard to live with setup. This is my opinion though, worth about 0.02 ZAR (which isn't much, but at least more than 0.02 ZWD) :-P -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
