First page Back Continue Last page Summary Graphics
Jailing with UML
Isolate untrusted things from the host
potentially malicious users
Bonus - by default, stack smashes don't work against UML
Continuing with other security-related applications of UML, we have jailing. This is the isolation from the host of things that aren't necessarily trusted.
This includes users who may be malicious or just incompetent, and may damage the host in some way.
It also includes services that may be exploitable. bind and sendmail are particularly popular services for UML jailing. As a bonus for jailing services, by default, UML is immune from standard stack smash attacks since it puts process stacks in a different location from where they are on the host.