On Wed, 21 Feb 2001, kevin lyda wrote:
> i wonder how usermode linux would do here - the firewall runs under
> usermode linux and the real box runs the rest.
don't know... conceptually uml exists to ease development. security
between uml kernel and host OS isn't a goal. so probably not a good
idea to rely on it.
(eg the uml kernel needs a setuid host ifconfig to setup networking).
i'm pretty sure that if someone cracked into the uml setup they'd
have access to all the files that the uid the uml kernel is running
under would have access to.
then again, doubt there's many convenient script-kiddy ploits for
uml, so it might still be worth a look.
> of course i haven't
> tried it since i've been spending huge amounts of time just trying to
> convince paul jakma to just consider using it.
heh? spending huge amounts of time to convince me? ....
twas cause i watched you battling to install RH6.2 on a box that
really needed RH7.0 (i815 graphics) that i suggested that perhaps uml
might be a good idea.
(kev only needs 6.2 for development purposes).
- get uml.
- run a recent 2.2 host kernel
- make an image of a distro install
fix the little problems it will have, and hey presto.
> kevin, who is trying to maximize the abuse he's going to get
> from paul today...
i had a temperature of 39.2 earlier today, so i'm not at my full
abuse giving potential. consider yourself lucky.. :)
Paul Jakma paul at clubi.iepaul at jakma.org
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
The way to make a small fortune in the commodities market is to start
with a large fortune.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!