Not to digress too far, but...

> On 3/31/04 10:05 AM, "Jeremy Epstein" <[EMAIL PROTECTED]> wrote:
> > You might also consider one of the IPS products (e.g., Okena/Cisco,
> > Entercept/NAI, or PlatformLogic), all of which will allow you to constrain
> > what happens.... and may be somewhat more scalable than VMware if you need
> > to run a bunch of instances of the virtual environment.

Paco Hope responded:
> This answer is decidedly beyond the scope of "secure coding."  IPSes don't even
> run on the host with the code. IPS systems are so far removed from the
> actual host that they have no context on which to base decisions about
> custom code. The OS can't stop bad programmers from shooting themselves in
> the foot. It can at least apply a few limits to the damage when they do.

There are different kinds of IPSs (unfortunately, the term is massively
overloaded).  The types I listed run on the host with the code, in between
the OS and the application.  And they *do* have the context to base
decisions on...  I'm most familiar with PlatformLogic, which provides a very
sophisticated policy language that allows you to specify for every program
exactly what it can do (e.g., what files it can access in what modes, what
ports it can use, what IP addresses), as well as privileged system calls,
etc.  It's ideally suited to constraining virtual servers.

Yes, there are IPSs that are running on the network (e.g., as a network
filter), but those are more network IPSs (as opposed to host IPSs), to
borrow terminology from the IDS world.

> The original question was "how can I limit one user's ability to interfere
> with other users on the box?"  An answer that takes the box offline when bad
> stuff happens is probably not the answer he was hoping for.  It's a
> host-based question, and the network is not the right place to solve it.

I agree.  The solution I propose does not take the box offline; depending on
how the IPS is configured, it would either disallow the particular
operation, or shut down that virtual server (without affecting other virtual
servers).

--Jeremy
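As an added example, not code from the thread and not PlatformLogic's (or any product's) real policy language: a toy host-based policy checker in Python that models the per-program constraints Jeremy describes above (which files a program may open and in what modes, which addresses and ports it may connect to, which privileged syscalls it may make) together with the two responses he mentions, refusing the single operation versus shutting down only the offending virtual server. The policy format, the program names, paths, addresses and the two tenants are invented for illustration.

```python
"""Toy host-based IPS: per-program allow-lists enforced per instance.

The policy syntax, rule names and sample scenario are invented for this
example; they are not any real product's policy language.
"""
from __future__ import annotations

import fnmatch
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ProgramPolicy:
    """What one program is allowed to do. Anything not listed is denied."""
    files: list[tuple[str, str]]        # (path glob, allowed modes, a subset of "rwx")
    net: list[tuple[str, int | None]]   # (CIDR, port); port None means any port
    syscalls: frozenset[str]            # privileged syscalls the program may make
    on_violation: str = "deny"          # "deny" just the operation, or "kill" the instance


@dataclass
class Instance:
    """One virtual server (or one user's process tree) running a program."""
    name: str
    program: str
    alive: bool = True
    events: list[str] = field(default_factory=list)


class HostIPS:
    """Sits between the application and the OS: every sensitive operation an
    instance attempts is checked against its program's policy first."""

    def __init__(self, policies: dict[str, ProgramPolicy]):
        self.policies = policies

    def _permitted(self, policy: ProgramPolicy, op: str, *args) -> bool:
        if op == "open":
            path, mode = args
            # Path must match a rule's glob AND every requested mode must be allowed.
            return any(fnmatch.fnmatchcase(path, pattern) and set(mode) <= set(modes)
                       for pattern, modes in policy.files)
        if op == "connect":
            addr, port = args
            ip = ipaddress.ip_address(addr)
            return any(ip in ipaddress.ip_network(cidr) and (p is None or p == port)
                       for cidr, p in policy.net)
        if op == "syscall":
            (name,) = args
            return name in policy.syscalls
        return False  # operation kinds the policy does not know are never allowed

    def check(self, inst: Instance, op: str, *args) -> str:
        """Return "allow", "deny" (operation refused, instance keeps running) or
        "kill" (this instance is shut down; other instances are unaffected)."""
        if not inst.alive:
            return "deny"
        policy = self.policies.get(inst.program)  # unknown program -> default deny
        if policy is not None and self._permitted(policy, op, *args):
            return "allow"
        verdict = "kill" if policy is not None and policy.on_violation == "kill" else "deny"
        inst.events.append(f"{verdict}: {op}{args}")
        if verdict == "kill":
            inst.alive = False
        return verdict


def demo() -> dict[str, object]:
    """Constructed scenario: two virtual servers on one box, one per tenant."""
    policies = {
        "httpd": ProgramPolicy(
            files=[("/var/www/*", "r"), ("/var/log/httpd/*", "w")],
            net=[("0.0.0.0/0", 80), ("10.0.0.0/8", 5432)],  # serve HTTP, reach internal DB
            syscalls=frozenset({"bind", "setuid"}),
            on_violation="deny",
        ),
        "cron-job": ProgramPolicy(
            files=[("/srv/backup/*", "rw")],
            net=[],
            syscalls=frozenset(),
            on_violation="kill",  # a backup job has no business elsewhere: stop it
        ),
    }
    ips = HostIPS(policies)
    web = Instance("vs-tenant-a", "httpd")
    job = Instance("vs-tenant-b", "cron-job")
    return {
        "web_reads_docroot": ips.check(web, "open", "/var/www/index.html", "r"),
        "web_writes_docroot": ips.check(web, "open", "/var/www/index.html", "w"),
        "web_reads_shadow": ips.check(web, "open", "/etc/shadow", "r"),
        "web_binds_socket": ips.check(web, "syscall", "bind"),
        "web_db_connect": ips.check(web, "connect", "10.1.2.3", 5432),
        "web_outbound_irc": ips.check(web, "connect", "203.0.113.7", 6667),
        "job_touches_web_docroot": ips.check(job, "open", "/var/www/index.html", "w"),
        "job_after_kill": ips.check(job, "open", "/srv/backup/db.tgz", "r"),
        "web_still_alive": web.alive,
        "job_alive": job.alive,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the scenario is the last four entries: tenant B's job stepping on tenant A's document root gets that one virtual server shut down, while tenant A's web server keeps running and its own violations are merely refused.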

