From: John P. M. <jo...@ce...> - 2006-10-24 14:51:52
All,

I have been reading about UML on the UML Kernel Home Page. I have found several references to security issues such as the host system being accessible from the guest system and memory not being secure between multiple UML instances. Have these security issues been solved? I want to use UML on a single server with three UMLs that I want to be totally isolated from one another. Is that possible yet? Thanks for your time.

--
John P. Mitchell <jo...@ce...>

From: Jeff D. <jd...@ad...> - 2006-10-24 15:24:51
On Tue, Oct 24, 2006 at 06:51:39AM -0800, John P. Mitchell wrote:
> I have been reading about UML on the UML Kernel Home Page. I have
> found several references to security issues such as the host system being
> accessible from the guest system and memory not being secure between
> multiple UML instances.

URLS?

> Have these security issues been solved? I want to
> use UML on a single server with three UMLs that I want to be totally
> isolated from one another. Is that possible yet? Thanks for your time.

UMLs are (and have been for a long time) isolated from each other and the host.

Jeff

From: John P. M. <jo...@ce...> - 2006-10-24 15:54:23
Jeff,

Thanks for the response.

On Tue, 24 Oct 2006, Jeff Dike wrote:
> On Tue, Oct 24, 2006 at 06:51:39AM -0800, John P. Mitchell wrote:
>> I have been reading about UML on the UML Kernel Home Page. I have
>> found several references to security issues such as the host system being
>> accessible from the guest system and memory not being secure between
>> multiple UML instances.
>
> URLS?

http://user-mode-linux.sourceforge.net/todo.html
The entry that is interesting is: protect kernel memory from userspace

http://user-mode-linux.sourceforge.net/skas.html
I can not tell if this is something that works with 2.6 kernel revs or not. From the web page it sounds like UML is very insecure without this patch. Some of the mailing lists refer to a skas0 and a skas3 which I can not find anything on the web page about.

>
>> Have these security issues been solved? I want to
>> use UML on a single server with three UMLs that I want to be totally
>> isolated from one another. Is that possible yet? Thanks for your time.
>
> UMLs are (and have been for a long time) isolated from each other and
> the host.
>
> Jeff

Please do not take my questions as disrespect, UML is a great accomplishment. I am just trying to figure out if it is secure enough that in the event that a UML instance is compromised at the root user level that another UML instance on the same machine will not be at risk. Thanks for your time.

--
John P. Mitchell <jo...@ce...>

From: John P. M. <jo...@ce...> - 2006-10-24 16:08:00
Jeff,

On Tue, 24 Oct 2006, Jeff Dike wrote:
> On Tue, Oct 24, 2006 at 06:51:39AM -0800, John P. Mitchell wrote:
>> I have been reading about UML on the UML Kernel Home Page. I have
>> found several references to security issues such as the host system being
>> accessible from the guest system and memory not being secure between
>> multiple UML instances.
>
> URLS?
>

Found another one:

http://user-mode-linux.sourceforge.net/help-kernel-v1.html
The bullet point is "protect kernel memory from userspace"

>> Have these security issues been solved? I want to
>> use UML on a single server with three UMLs that I want to be totally
>> isolated from one another. Is that possible yet? Thanks for your time.
>
> UMLs are (and have been for a long time) isolated from each other and
> the host.
>
> Jeff
>

--
John P. Mitchell <jo...@ce...>

From: Jeff D. <jd...@ad...> - 2006-10-24 17:20:08
On Tue, Oct 24, 2006 at 08:07:20AM -0800, John P. Mitchell wrote:
> Found another one:
>
> http://user-mode-linux.sourceforge.net/help-kernel-v1.html
> The bullet point is "protect kernel memory from userspace"

Oops, very obsolete.

That's not an issue any more.

Jeff

From: Christopher M. <chr...@ya...> - 2006-10-24 17:35:42
--- Jeff Dike <jd...@ad...> wrote:

> On Tue, Oct 24, 2006 at 08:07:20AM -0800, John P. Mitchell wrote:
> > Found another one:
> >
> > http://user-mode-linux.sourceforge.net/help-kernel-v1.html
> > The bullet point is "protect kernel memory from userspace"
>
> Oops, very obsolete.
>
> That's not an issue any more.
>

Jeff:

Would running a UML instance from a user account with no privileges on the host be sufficient to prevent a root process controlled by a malicious user running within the UML from taking any possible advantage of the host?

I realize that it is probably advisable (due to bugs not currently known) to run the UML instance from within a chroot containing only the UML kernel and its filesystem image and a few device nodes like /dev/net/tun needed to bring up networking, but as far as you know, is it *necessary* to do so?

Chris Marshall

If I ran a UML instance on a host and wanted

To the best of your knowledge, then, the only known requirement for isolating UML instances from each other and from the host is that the user accounts under which the instances

From: Jeff D. <jd...@ad...> - 2006-10-24 19:24:22
On Tue, Oct 24, 2006 at 10:35:22AM -0700, Christopher Marshall wrote:
> Would running a UML instance from a user account with no privileges
> on the host be sufficient to prevent a root process controlled by a
> malicious user running within the UML from taking any possible
> advantage of the host?

At most, the malicious user would be able to get whatever privileges the user running the UML has (in your scenario, that would be none).

> I realize that it is probably advisable (due to bugs not currently
> known) to run the UML instance from within a chroot containing only
> the UML kernel and its filesystem image and a few device nodes like
> /dev/net/tun needed to bring up networking, but as far as you know,
> is it *necessary* to do so?

As far as I know, it's not.

Jeff

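An added example, not part of the original thread or of the UML project: since the answer above bounds a guest compromise by the privileges of the host account running the UML, this host-side check flags instances that run as root or that share a host account with another instance. The account names, image paths and `umid` values are constructed sample data, and identifying a UML process by a `umid=` argument in `ps`-style output is an assumption of the example.

```shell
#!/bin/sh
# Audit which host accounts UML instances run under.
# Input (assumption): one process per line, "UID USER PID ARGS...",
# the layout of `ps -eo uid=,user=,pid=,args=` on the host.
# A process counts as a UML instance if its arguments carry umid=<name>.

audit_uml_accounts() {
    awk '
    {
        umid = ""
        for (i = 4; i <= NF; i++)
            if ($i ~ /^umid=/) umid = substr($i, 6)
        # Skip non-UML processes and extra host processes of a known instance.
        if (umid == "" || (umid in seen)) next
        seen[umid] = 1
        # An instance running as host root gives a guest escape full host access.
        if ($1 == 0)
            print "ROOT " umid
        # Two instances under one account are not separated by host permissions.
        if ($1 in owner)
            print "SHARED " $2 " " owner[$1] " " umid
        else
            owner[$1] = umid
    }'
}

# Constructed sample listing (not captured from a real host).
sample_ps() {
cat <<'EOF'
0 root 1 /sbin/init
1001 uml-web 2100 ./linux umid=web ubd0=/srv/uml/web.img mem=256M
1001 uml-web 2101 ./linux umid=web ubd0=/srv/uml/web.img mem=256M
1002 uml-db 2200 ./linux umid=db ubd0=/srv/uml/db.img mem=256M
1001 uml-web 2300 ./linux umid=mail ubd0=/srv/uml/mail.img mem=256M
0 root 2400 ./linux umid=test ubd0=/srv/uml/test.img mem=128M
EOF
}

sample_ps | audit_uml_accounts
```

On a live host the same function can be fed with `ps -eo uid=,user=,pid=,args= | audit_uml_accounts`; an empty result means every instance found has its own non-root account.
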
From: John P. M. <jo...@ce...> - 2006-10-24 19:33:57
On Tue, 24 Oct 2006, Jeff Dike wrote:
> On Tue, Oct 24, 2006 at 10:35:22AM -0700, Christopher Marshall wrote:
>> Would running a UML instance from a user account with no privileges
>> on the host be sufficient to prevent a root process controlled by a
>> malicious user running within the UML from taking any possible
>> advantage of the host?
>
> At most, the malicious user would be able to get whatever privileges
> the user running the UML has (in your scenario, that would be none).
>
>> I realize that it is probably advisable (due to bugs not currently
>> known) to run the UML instance from within a chroot containing only
>> the UML kernel and its filesystem image and a few device nodes like
>> /dev/net/tun needed to bring up networking, but as far as you know,
>> is it *necessary* to do so?
>
> As far as I know, it's not.
>
> Jeff
>

Jeff,

I just wanted to say *thanks* for being such a cool project maintainer and being accessible. I have worked with another project (sorry, not saying which) and the maintainer is really hard to interact with or even get any attention from.

All,

And *thanks* goes to all the other contributors as well. Open Source is great.

Bill Stearns, are you still out there? I just realized you taught one of my SANS security courses. Small world.

--
John P. Mitchell <jo...@ce...>

From: Scott E. <sup...@gm...> - 2006-10-24 17:39:44
On 10/24/06, John P. Mitchell <jo...@ce...> wrote:
> All,
>
> I have been reading about UML on the UML Kernel Home Page. I have
> found several references to security issues such as the host system being
> accessible from the guest system and memory not being secure between
> multiple UML instances. Have these security issues been solved? I want to
> use UML on a single server with three UMLs that I want to be totally
> isolated from one another. Is that possible yet? Thanks for your time.

Nowadays the uml instance should only have as much access as the user running it. The processes running under uml will either have root or lesser access, which equates to slightly less/equal access as the process running uml, or even less. I only restate this because of your 'root level' access comment. (it could be inferred either way)

Cheers.

From: John P. M. <jo...@ce...> - 2006-10-24 19:10:25
Scott,

On Tue, 24 Oct 2006, Scott Edwards wrote:
> On 10/24/06, John P. Mitchell <jo...@ce...> wrote:
>> All,
>>
>> I have been reading about UML on the UML Kernel Home Page. I have
>> found several references to security issues such as the host system being
>> accessible from the guest system and memory not being secure between
>> multiple UML instances. Have these security issues been solved? I want to
>> use UML on a single server with three UMLs that I want to be totally
>> isolated from one another. Is that possible yet? Thanks for your time.
>
> Nowadays the uml instance should only have as much access as the
> user running it. The processes running under uml will either have
> root or lesser access, which equates to slightly less/equal access as
> the process running uml, or even less. I only restate this because of
> your 'root level' access comment. (it could be inferred either way)
>
> Cheers.
>

That was what I was hoping to hear. Great! Thanks for the feedback. Now I am off to implement some UML instance...

--
John P. Mitchell <jo...@ce...>