Herbert Poetzl escribió:
not unexpected, giving any capabilities beyond the
default set can be considered a (sometimes severe)
reduction in guest security (i.e. you are handing
over control to host specific parts which can be
used either for DoS or in most cases direct control
over host specific entities)
Well... in a controlled environment -intranet server- I think it's safe.
CAP_NET_BROADCAST is not critical, as it is currently
unused :)
Hmmm... That's why this email suggest to add a 'nodev' interface?
http://www.mail-archive.com/vserver@list.linux-vserver.org/msg08832.html
I've running samba guest servers and sometimes I've suffered problems related to nmbd.
What is the point of the setup explained in that mail?
begin:vcard
fn:Asier Baranguan
n:Baranguan;Asier
org;quoted-printable:ELPA Gesti=C3=B3n
adr;quoted-printable;dom:;;Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009
email;internet:[EMAIL PROTECTED]
title:A/P
tel;work:944.23.01.66
tel;fax:944.23.01.78
x-mozilla-html:FALSE
url:http://www.elpagestion.com
version:2.1
end:vcard
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
