risks of granting net_admin? [message #35137] |
Wed, 04 March 2009 17:35 |
minektur
Messages: 3 Registered: March 2009
|
Junior Member |
|
|
I'm setting up a guest that wants to use tunneling (openvpn based...) and I find from the documentation that I need to, among other things, grand net_admin rights to the guest.
I've looked pretty far and wide for any documentation on this but haven't found much - I'm wondering what the risks I should consider when doing this.
What else does net_admin give you the ability to do? Is this just giving the administrator of the virtual server more options or does it have ramifications for other guest servers on the machine?
I've seen a a few issues in the linux kernel where granting someone CAP_NET_ADMIN will allow them to exploit some local vulnerability... e.g.
http://www.securityfocus.com/bid/17178/discuss
Are there other issues I should consider?
Fred
|
|
|