On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote: [ .... ] > How about a DNS, squid and web server with multiple name based > virtual domains on the same box? > > Is doing the above really dangerous on a fully patched and up to > date system?
As others have said it's inadvisable. Even fully patched servers can be are susceptible (so called zero day vulns might actually be months old) and the reality is you don't often have the time to fully patch every day anyway. *IF* you wanted to pursue this you can mitigate it with some sort of isolation be it chrooting, selinux, containers, vms. Or all of the above. The level of risk also depends on the webapp. I'd be more comfortable with java (especially with security manager on) which is after all another form of vm. With php (wordpress, drupal, moodle, or home grown) definitely not confortable. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
