From: BlaisorBlade <bla...@ya...> - 2003-12-24 18:38:02
At 10:18, Wednesday 24 December 2003, Nikolaus Hammler wrote:
> Is hostfs secure enough? When I mount the directory
> /mnt/media from the host system, can I make sure
> that it's *not* possible to escape? To traverse other
> directories?

I don't think you should trust hostfs. Or better, if you say at boot
hostfs=path (I'm not sure this is the right syntax, check), hostfs should be
safe. BUT:

1) there are some permission problems; if you are a plain user and create a
file on hostfs, you can't touch it anymore, as it will be owned by the user
running the UML

2) if anyone has root access on the UML, he can load a module; and he can load
even a crack_hostfs module which can access the host filesystem without
respecting that limit. It's a bit hard, and to know this you need to know a
bit of UML; but not that hard, and when UML is shipped by all distros (which
is already happening) this will become frequent. And this can happen even if
you don't enable hostfs when compiling your UML kernel. If you disable module
loading, a true cracker can still use some known techniques (they are for
i386, but probably apply to UML, too) to load it anyway (if he's root on the
guest).

To avoid this, you must chroot your UML; I'm not providing instructions here,
but just search or ask.

Note: chrooting a process means that you make that process see, as its root
directory, a directory you choose before starting it. See man 1 chroot and
man 2 chroot.

> When I want to do network, there is a helper program
> that has Setuid-root. Is this a security risk?

If you care about security, avoid this (instructions on the web page). I've
never heard of exploits for it, but neither have I heard of a proper security
audit of it (but maybe I just missed it).

> Is it possible to gain access; even root privileges
> on the host system with that driver? I could not find
> any information concerning security on the webpage.
>
> What's the difference between UML and a real
> virtual machine? What happens when somebody attacks
> my virtual machine with a DOS attack? Does then only
> the virtual machine crash or is it possible to also
> crash the host system?

A DOS shouldn't crash a machine (at least a non-buggy/Linux one), but the load
will be perceived even by the host.

> And what about buffer overflows?
> May they reach the host system?
>
> What about performance? How slow is the virtual system
> in comparison to a "real system"?

You probably want to change the TMPDIR variable to point at a place where you
mount a tmpfs; UML stores some files inside TMPDIR (normally /tmp) which
contain the guest memory, so if TMPDIR points to a RAM-based location this
will help performance (but increase memory consumption, maybe; it's not that
obvious, since probably tmpfs data can be swapped out).

Bye
-- 
cat <<EOSIGN
Paolo Giarrusso, aka Blaisorblade
Linux Kernel 2.4.21/2.6.0-test on an i686; Linux registered user n. 292729
EOSIGN
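
Added example, not part of the original message and not code from the UML project: the chroot(2) confinement described in the note above, written as a small C launcher that also drops root before starting the confined program. It applies to any program, not only UML; the function name enter_jail and the command-line layout are assumptions made for this illustration.

```c
/* Added example: enter a chroot(2) jail, drop root for good, then exec.
 * Run as root: ./jail <dir> <uid> <gid> <program> [args...]
 * enter_jail and this argument layout are illustrative assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() in glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 0 on success, -errno on failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* A process that stays root can undo a chroot, so refuse id 0. */
    if (uid == 0 || gid == 0)
        return -EINVAL;
    /* chroot(2) does not move the working directory: enter the jail
     * first, and reset cwd to the new "/" afterwards. */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -errno;
    /* Drop groups before the uid; after setuid() it is no longer allowed. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -errno;
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s <dir> <uid> <gid> <program> [args...]\n",
                argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10));
    if (rc != 0) {
        fprintf(stderr, "enter_jail: %s\n", strerror(-rc));
        return 1;
    }
    execv(argv[4], &argv[4]);   /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

The jail directory has to contain the program and every file it opens, because nothing outside the new root is reachable by path after the call.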