Alle 04:28, mercoled=EC 28 luglio 2004, Sean O'Dell ha scritto:
> On Tuesday 27 July 2004 18:07, Ali Campbell wrote:
> > I found the previous post about rooting UMLs and the effect this has on
> > the host. One of BlaisorBlade's.
> > http://sourceforge.net/mailarchive/message.php?msg_id=3D8872905
> > Seems I was almost right, but not quite - inserting a kernel module into
> > the UML to execute nasty code is apparently fairly easy. It was
> > corrupting the kernel using /dev/mem and /dev/kmem that was a bit harde=
> That was very illuminating, thank you.
> So, here's my personal take on the issue: Linux still provides the same
> amount of protection preventing regular users from obtaining root, whether
> in UML or not. Users who obtain root inside UML could probably work out a
> way to get access in the host as the user.
> So, if I ever give anyone root access inside UML, I should consider UML n=
> as much of a security layer as a convenience layer, and assume that if th=
> have root in UML, they have user-level access in the host.
> Basically, I assume a root user in UML can gain access in the host as the
> user UML was run under.
> Which is fine. I already give people user-level access in the host, but I
> chroot everyone away from everyone else. It sounds like I can give their
> chroot area even fewer support files (just enough to run UML), making that
> level of security even safer, and they'll still end up with far more
> functionality because they'll have a full working UML instance to play in.
> That all seems reasonable to me.
> Sean O'Dell
By the way, if you remove module support in the UML kernel, it becomes much=
more difficult to have user-level access on the host, since it's hard to=20
insert modules; and if you make /dev/kmem not-writable in the kernel, it=20
becomes almost impossible (except for any particular bug which could be=20
discovered in UML).
To make /dev/kmem not writable, you can either remove CAP_SYS_RAWIO from ev=
process, or apply the attached patch, which makes /dev/kmem and /dev/mem no=
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729