Sorry to change the subject... but my question now is:
lets asume that root is compromised in a vs by the admin...
the most obvious problem would be that then the skel could be compromised
(any modification to a file that is a hard link of the skel would modify
the skel and those files in other VS's)...
Also, perhaps, that unscrupolous admin could change his
quota. (/etc/vsd/quota)...
but, could s/he compromise (have access) to any other vs or the
"host" server?
That's the real question regarding security...
yes, a modification of the skell is a big headache but hopefully one have
a bakup of it... and eventualy one will be aware in changes in the
quota... but at least for me the most important thing is the security of
the other vs's and the host.
of course I rather have *no* root compromised in any vs ;)
Cheers!
Marcos
pd: thanks Simon for all of your imput!!! It will keep Urivan bussy for
the next week ;)
On Sat, 5 May 2001, Simon Garner wrote:
-------------------8<snip,snip,snip>8-------------------
>
> Well that would perhaps fix the scenario I suggested.
>
> But it's still risky -- you'll be opening a whole bunch of holes you don't
> know about, and then trying to plug the ones you spot. Whereas if Apache's
> not running as root at all, the possibilities are hugely reduced.
>
