I have announced a project (see my signature) to run several virtual servers
on a single box (single kernel as well). The vservers are real Linux distributions
running in a chroot/chbind/chcontext and capability-limited environment.
While looking at the kernel we found out that writing to /dev/random is
not controlled by any capability. We are providing a /dev/random in
the vservers with permission 644, so it can be used.
Is this a security issue if an administrator of a vserver is allowed to write
to /dev/random?
Looking at the source, it seems that it just increases the entropy and should
not be an issue. I am no expert in randomness.
If this is an issue, then a capability must exist to limit that (CAP_SYS_ADMIN
I guess).
Thanks!
---------------------------------------------------------
Jacques Gelinas <jack@solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
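
Added example (not part of the original message and not vserver code): a probe an operator can run inside a restricted context to see which /dev/random operations it is allowed. It assumes the Linux random driver's split, where a plain write() only mixes bytes into the pool while the entropy-credit ioctl RNDADDTOENTCNT is checked against CAP_SYS_ADMIN; probe_random and the enum names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>

enum probe { PROBE_UNAVAILABLE, PROBE_CREDIT_DENIED, PROBE_CREDIT_ALLOWED, PROBE_OTHER };

/* Write sample bytes to the device, then ask the kernel to credit zero bits
 * of entropy. Crediting 0 bits changes nothing, but the capability check
 * runs before the value is read, so the return code shows whether this
 * context could raise the entropy estimate. */
enum probe probe_random(const char *path, int *before, int *after, long *written)
{
    static const char sample[] = "constructed sample bytes";
    int zero = 0, rc, saved;
    int fd = open(path, O_WRONLY);

    *before = *after = -1;              /* -1 means "could not be read" */
    *written = -1;
    if (fd < 0)
        return PROBE_UNAVAILABLE;

    ioctl(fd, RNDGETENTCNT, before);    /* entropy estimate, no capability needed */
    *written = (long)write(fd, sample, sizeof sample - 1);
    ioctl(fd, RNDGETENTCNT, after);

    rc = ioctl(fd, RNDADDTOENTCNT, &zero);
    saved = errno;
    close(fd);

    if (rc == 0)
        return PROBE_CREDIT_ALLOWED;    /* context holds CAP_SYS_ADMIN */
    return saved == EPERM ? PROBE_CREDIT_DENIED : PROBE_OTHER;
}

int main(void)
{
    static const char *names[] = { "device unavailable", "credit denied (EPERM)",
                                   "credit allowed", "other error" };
    int before, after;
    long written;
    enum probe r = probe_random("/dev/random", &before, &after, &written);

    printf("write() returned %ld; entropy estimate %d -> %d; RNDADDTOENTCNT: %s\n",
           written, before, after, names[r]);
    return r == PROBE_CREDIT_ALLOWED;   /* non-zero exit if the context can credit */
}
```

The estimate can move between the two readings for unrelated reasons (interrupts, other readers), so the RNDADDTOENTCNT result is the signal to act on, not the before/after difference.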
This archive was generated by hypermail 2b29 : Tue Oct 23 2001 - 21:00:24 EST