Thread: [uml-user] Securing UML Instances ... How do you do?

Brought to you by: blaisorblade, derrichard, jdike, rusty

user-mode-linux-user

[uml-user] Securing UML Instances ... How do you do?

From: Primero <pr...@fa...> - 2004-06-14 13:43:41

Hi all, i'm interesting in UML in this period and now i've got my 2 UML  
Instances running some services.

I was woendering how you deal with securing UML.
I was thinking about grsecurity and chroot related options. Start Each Uml  
in chroot environment and use grsecurity to enanche it ... now that  
grsecurity is gone i don't know where to look.

How do you deal with this topic?
I know my question is a little bit ... wide :)

thx
bye

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Re: [uml-user] Securing UML Instances ... How do you do?

From: roland <for...@gm...> - 2004-06-14 21:00:41

> in chroot environment and use grsecurity to enanche it ... now that  
> grsecurity is gone i don't know where to look.

who says that it's gone?
-> http://www.grsecurity.net/news.php

:)


----- Original Message ----- 
From: "Primero" <pr...@fa...>
To: <use...@li...>
Sent: Sunday, June 13, 2004 6:23 PM
Subject: [uml-user] Securing UML Instances ... How do you do?


> Hi all, i'm interesting in UML in this period and now i've got my 2 UML  
> Instances running some services.
> 
> I was woendering how you deal with securing UML.
> I was thinking about grsecurity and chroot related options. Start Each Uml  
> in chroot environment and use grsecurity to enanche it ... now that  
> grsecurity is gone i don't know where to look.
> 
> How do you deal with this topic?
> I know my question is a little bit ... wide :)
> 
> thx
> bye
> 
> -- 
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the
> one installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> User-mode-linux-user mailing list
> Use...@li...
> https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
>

Re: [uml-user] Securing UML Instances ... How do you do?

From: Alexander N. <uml...@li...> - 2004-06-15 11:21:32

Hi,

* Primero <pr...@fa...> wrote:
> [...]
> I was woendering how you deal with securing UML.
> I was thinking about grsecurity and chroot related options. Start Each Um=
l =20
> in chroot environment and use grsecurity to enanche it [...]

I tried to merge the grsecurity and the skas patch, which fails because
bouth patches fiddle around the memory management (and I don't have
enough knowledge to fix this...)

Thomas has a patch with includes the skas3 and the grsecurity patch for
2.4.25 and 2.4.26 (http://www.cip.physik.uni-muenchen.de/~tf/linux),
which wasn't useful to me because on that server I would like to use
2.6.

Is anyone else using grsec and skas together?

 - Alexander

Re: [uml-user] Securing UML Instances ... How do you do?

From: Primero <pr...@fa...> - 2004-06-15 13:58:03

On Tue, 15 Jun 2004 10:57:23 +0200
Alexander Neumann <uml...@li...> wrote:

> 
> Is anyone else using grsec and skas together?
> 
There is a project called WOLK, working overloaded Linux Kernel (http://wolk.sourceforge.net) wich is a patchset to Vanilla Kernel with in mind stability and performance.
It has released a 2.6.5 version with SKAS and GRSECURITY and much much more . I've tried it but i've been not able to solve a problem... MY gentoo_root_fs gives me Segmentation Fault ... no other root_fs give me problems ... only gentoo one.

So i'm gonna try another time but it is a very good project, give it a chance.
Bye

Re: [uml-user] Securing UML Instances ... How do you do?

From: BlaisorBlade <bla...@ya...> - 2004-08-20 10:10:25

Alle 15:57, marted=EC 15 giugno 2004, Primero ha scritto:
> On Tue, 15 Jun 2004 10:57:23 +0200
>
> Alexander Neumann <uml...@li...> wrote:
> > Is anyone else using grsec and skas together?
>
> There is a project called WOLK, working overloaded Linux Kernel
> (http://wolk.sourceforge.net) wich is a patchset to Vanilla Kernel with in
> mind stability and performance. It has released a 2.6.5 version with SKAS
> and GRSECURITY and much much more . I've tried it but i've been not able =
to
> solve a problem... MY gentoo_root_fs gives me Segmentation Fault ... no
> other root_fs give me problems ... only gentoo one.
>
Loop-mount it on the host and rename away /lib/tls. Without this it can't=20
work, if it has a /lib/tls directory. Older fs don't have it, probably, so=
=20
they work.
More technically: /lib/tls contains NPTL-enabled libraries, to use on 2.6=20
kernels with processors >=3D i686. But UML does not support NPTL, for now.

Bye
=2D-=20
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729