VirtualNET @ CSE - security
- Your VMs access /home as the user who started them (i.e., you). Thus, you shouldn't let anyone else log in to your VM, run CGI scripts without restriction, etc., because they could then access or change things in your home directory or in class accounts to which you have access.
- Relatedly, you can only log in to a VM you start (notably via SSH) as root or yourself. This restriction is applied in /etc/pam.d/system-auth in the VM itself. Because you have root access you can, of course, change this, but you probably shouldn't.
- The virtual network hubs used to connect eth1, eth2, eth3, and eth4 on each VM to the same interfaces on other VMs either pose a potential security problem or create a useful tool for understanding network operation, depending on how you look at them. The security problem comes in when you're using eth3 or eth4 because these connect to eth3 and eth4 of every other VM, including those run by other users. This means these other users can, with tools like tcpdump, monitor the network traffic flowing between your own VMs. If the traffic is not encrypted in some way, other users will be able to see what your VMs are sending each other.
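
To check a VM for the exposure described in the last item, the script below lists established TCP connections whose local address sits on eth3 or eth4 and whose ports are not on an encrypted-port list. It is an added example, not part of VirtualNET. The port list, the function names, and the sample addresses are assumptions, and a port number only suggests that the traffic is encrypted; it does not prove it.

```shell
#!/bin/sh
# Added example: list TCP connections on the shared hubs that are not on an encrypted port.
SHARED_IFACES="eth3 eth4"   # hubs shared with other users' VMs (from the page)
ENCRYPTED_PORTS="22 443"    # assumption: ports taken to carry encrypted traffic

# $1 = saved `ip -o -4 addr show` output, $2 = saved `ss -tn` output
flag_shared_cleartext() {
    awk -v ifaces="$SHARED_IFACES" -v ports="$ENCRYPTED_PORTS" '
        BEGIN {
            n = split(ifaces, a, " "); for (i = 1; i <= n; i++) shared[a[i]] = 1
            n = split(ports, p, " ");  for (i = 1; i <= n; i++) enc[p[i]] = 1
        }
        # Address file: map each local IPv4 address on a shared interface to its name
        FILENAME == ARGV[1] {
            if ($3 == "inet" && ($2 in shared)) { split($4, c, "/"); addr[c[1]] = $2 }
            next
        }
        # Socket file: established connection, fields 4 and 5 are local and peer addr:port
        $1 == "ESTAB" {
            laddr = $4; sub(/:[0-9]+$/, "", laddr)
            lport = $4; sub(/.*:/, "", lport)
            rport = $5; sub(/.*:/, "", rport)
            if ((laddr in addr) && !(lport in enc) && !(rport in enc))
                print addr[laddr], $4, "->", $5
        }
    ' "$1" "$2"
}

# Constructed sample input (not captured from a real VM)
demo() {
    d=$(mktemp -d)
    cat > "$d/addr" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet 10.1.0.5/24 brd 10.1.0.255 scope global eth1
5: eth3    inet 10.3.0.5/24 brd 10.3.0.255 scope global eth3
EOF
    cat > "$d/ss" <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.1.0.5:40022 10.1.0.9:80
ESTAB 0 0 10.3.0.5:51514 10.3.0.9:80
ESTAB 0 0 10.3.0.5:22 10.3.0.9:40110
ESTAB 0 0 10.3.0.5:38212 10.3.0.7:443
EOF
    flag_shared_cleartext "$d/addr" "$d/ss"
    rm -rf "$d"
}
demo
```

On a running VM, save the output of `ip -o -4 addr show` and `ss -tn` to two files and pass them to flag_shared_cleartext in that order.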