From: Lennert B. <bu...@gn...> - 2001-03-12 17:14:21
|
On Mon, Mar 12, 2001 at 08:51:26AM +0800, lis...@os... wrote: > > Depend on what you mean by "access". A UML user can use certain host > > resources, but those resources (especially the rootfs) are disposable. If > > they get trashed, you don't really care. > > In the context of rootfs, root on the guest can mount the host's rootfs > and then anyone in the guest can read/write anything that the UID of UML > gives access to. > > I think UML machines for "untrusted" access should disallow module > loading. I don't think this solves the problem in any way. As a matter of fact, several root kits out in the wild have functionality to load modules on systems that have no module support. It's only a matter of time before these get adapted to work on uml. cheers, Lennert |