Bill Page wrote:
>
> I agree. It is probably a good idea not to expose any ports on the VM
> to the Internet. It only needs to be accessible to a virtual network
> or a strictly local LAN segment. That is why I prefer the use of poxy
> in Apache running natively on the host. It is easier and one has
> additional motivations for wanting to protect the host itself. In
> comparison the security of the VM seems mostly trivial to me. But
> perhaps I do not understand exactly what you mean by getting root
> inside VM. If the VM has no exposed ports it is difficult to see how
> this could be accomplished through the Apache proxy.
To make things clear: I mean attacker interacting with VM via
http (which Apache will dutifully pass between internet and VM).
No extra ports needed.
--
Waldek Hebisch
[email protected]
--
You received this message because you are subscribed to the Google Groups
"FriCAS - computer algebra system" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/fricas-devel?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
