[Users] Security risks in ve_allow_kthreads

Kirill Korotaev dev at sw.ru
Wed Jan 9 02:54:57 EST 2008


Jakob Goldbach wrote:
> Hi,
> 
> What securiy risks do I impose on myself when enabling kernel threads
> inside the VE ?

1. if kernel thread doesn't terminate on VE stop - VE stop will be blocked.
2. security implications can be that kernel threads usually can do things
   which user space applications can't. So security implications depend
   on what thread in question does.
3. if your system is quite trusted (2) is not an issue at all.
   only (1) must be concerned.

Kirill



More information about the Users mailing list