This patch makes skas work for me. I logged into a toms fs and did stuff.
It's a bit shaky - it panicked during the halt, but it basically works.
To see what this is about, compare the following two maps files. The first
one is from the nested toms running in skas mode. The second one is from the
host UML, running in the usual tt mode.

/# cat /proc/$$/maps
08048000-08055000 r-xp 00000000 62:00 1923 /bin/sh
08055000-08056000 rw-p 0000c000 62:00 1923 /bin/sh
08056000-08061000 rwxp 00000000 00:00 0
40000000-40005000 r-xp 00000000 62:00 113 /lib/ld-linux.so.1
40005000-40006000 rw-p 00004000 62:00 113 /lib/ld-linux.so.1
40006000-40007000 rw-p 00000000 00:00 0
[ snip ]
9fffe000-a0000000 rwxp fffff000 00:00 0

usermode:~# cat /proc/$$/maps
08048000-080b2000 r-xp 00000000 62:00 93897 /bin/bash
080b2000-080b8000 rw-p 00069000 62:00 93897 /bin/bash
080b8000-080de000 rwxp 00000000 00:00 0
40000000-40012000 r-xp 00000000 62:00 57250 /lib/ld-2.1.3.so
40012000-40014000 rw-p 00011000 62:00 57250 /lib/ld-2.1.3.so
40014000-40015000 rw-p 00000000 00:00 0
[ snip ]
9fffb000-a0000000 rwxp ffffc000 00:00 0

Note that there's no difference between the sizes of the two address spaces.
If you do the same thing on the host, you'll see the last entry ends at
0xc0000000. The gap in the host UML between 0xa0000000 and 0xc0000000 is
occupied by UML. This makes it visible to processes, which is bad for
honeypots, which want to fool users into thinking they're on a physical box.
It's also writable by default, which is bad for security, because a nasty
process can write to the right bits of UML kernel memory and escape onto the
host. This is prevented by 'jail' mode, but at a huge performance cost.
skas mode fixes this by moving the UML kernel into a totally separate address
space. This makes UML invisible to its processes, and makes it secure against
them because they totally lack any access to the UML kernel address space.
So, what is now called 'jail' mode is the default, and there's no speed
penalty. What's better is that this should be noticeably faster than the
current UML because getting in and out of the UML kernel involves two fewer
context switches and one less signal delivery and return.
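The tell described above is the top of the address space: a process inside a tt-mode UML sees its stack end at 0xa0000000 instead of 0xc0000000. As an added example, not part of this patch or of UML itself, here is a small Python checker that parses /proc/PID/maps text and reports whether the address space stops inside that window; the sample lines are constructed from the two captures quoted above plus a host-style stack line.

```python
import re

# Constructed sample lines, taken from the /proc/$$/maps captures quoted in the post.
UML_GUEST_MAPS = """\
08048000-08055000 r-xp 00000000 62:00 1923 /bin/sh
08055000-08056000 rw-p 0000c000 62:00 1923 /bin/sh
08056000-08061000 rwxp 00000000 00:00 0
40000000-40005000 r-xp 00000000 62:00 113 /lib/ld-linux.so.1
[ snip ]
9fffe000-a0000000 rwxp fffff000 00:00 0
"""

# Constructed sample of what the post says a process on the physical host shows:
# the stack mapping runs up to 0xc0000000 (the i386 user/kernel split).
HOST_MAPS = """\
08048000-080b2000 r-xp 00000000 62:00 93897 /bin/bash
bfffb000-c0000000 rwxp ffffc000 00:00 0
"""

# The gap the post describes: occupied by the UML kernel in tt mode.
UML_KERNEL_LO, UML_KERNEL_HI = 0xa0000000, 0xc0000000
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+[0-9a-f]+\s+\S+\s+\d+(?:\s+(.*))?$")


def parse_maps(text):
    """Parse /proc/PID/maps text into (start, end, perms, path) tuples, skipping junk lines."""
    entries = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:  # non-matching lines such as '[ snip ]' are ignored
            entries.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4) or ""))
    return entries


def address_space_top(entries):
    """Highest mapped address; the stack sits there, so it is the 'end' a process observes."""
    return max(end for _, end, _, _ in entries)


def uml_gap_visible(entries):
    """True when the address space ends inside the window tt-mode UML reserves for
    itself, i.e. the 0xa0000000-0xc0000000 gap that betrays UML to its processes."""
    return UML_KERNEL_LO <= address_space_top(entries) < UML_KERNEL_HI
```

Run it on the text of /proc/self/maps from inside a guest to confirm whether the gap is still observable after switching modes.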
The downside is that it doesn't run on a stock kernel. It looks for the
extra support it needs, and chooses the appropriate mode at run time. I
have the changes in UML - I need to port them to i386 in order to run a skas
UML directly on the host.
The fixes that this patch involves were a few small things:
- the handling of registers during a system call was slightly broken
- UML incorrectly handled signal deliveries with no restorer provided
- the time in the idle thread was broken