On 9/7/06, Thomas Kern <[EMAIL PROTECTED]> wrote:
Is hcp/vmcp anymore sensitive in a class G (or less) linux service virtual machine than 'shutdown -h now'? Does anyone really let untrusted users have root access in production service virtual machines?
If the question is whether someone with root access in your class G virtual machine can do any harm, I believe the answer should be yes. If your Linux server is connected to the Internet, there's always the risk that someone with less friendly intentions gets root access. If you run Linux virtual machines for customers, that's often even part of the arrangement with that customer. Although I have not had time to update my Redpaper with the latest stuff, it may still be useful to explain the strategy of reducing the CP privileges of the virtual machine to a minimum. That way you limit the possible damage to the compromised server only. http://www.redbooks.ibm.com/abstracts/redp3870.html Rob Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
