The first stable OpenVZ release
Posted Dec 6, 2005 19:58 UTC (Tue) by dev
In reply to: The first stable OpenVZ release
Parent article: The first stable OpenVZ release
There are probably 2 kinds of kernel bugs:
- oopses/bugs which are not exploitable, but probably triggerable. These are just fixed in a timely manner (even faster than in RHEL, you can check update history).
- exploitable bugs which allow to gain root privileges. These bugs allow to gain root privileges, but you are still bounded to VPS just in any VM-like solution.
- exploitable bugs which allow to write kernel memory. These bugs allow crash the whole system or theoretically to get out of VPS. For this kind of bugs we have some countermeasures (e.g. in VFS).
So the most dangerous category of bugs is the 3rd one, but happily almost all kernel bugs belong to 1st category.
So the answer for your question is: we fix known bugs in a timely manner and insert countermeasures against getting out of VPS boundaries.
to post comments)