From: Robert S. <rj...@ze...> - 2004-02-19 15:03:32
I asked about security before and got no response (other than a suggestion to use bochs).

As far as I have been able to work out, the architecture of colinux is like this (please someone correct me if this is wrong):-

The colinux kernel runs in ring 0 (highest permission) on the CPU with full control over the virtual memory system.

To load the kernel, colinux-daemon.exe (which is a user process) loads a windows kernel driver (linux.sys). This driver runs in ring0 (as it is part of the windows kernel) and reserves physical memory for the colinux kernel to use.

The linux kernel has been patched so that it only maps its virtual memory onto the physical memory that has been reserved from windows.

The linux and windows kernels cooperatively multitask.

Messages are passed between the linux kernel and linux.sys to implement the console, cobd and conet.

For the colinux block device, linux.sys reads the file from kernel space.

For conet, IPC is used to communicate with a user-space thread that makes calls to the TAP driver. (This is one reason why networking will be slow.)

Security implications
=====================

Any exploits that can be used in linux to gain root will still work.

Root from linux does not have access to the physical RAM that windows is using unless

* extra code is loaded into the kernel (e.g. kernel recompile or module loaded) which manipulates the page tables and maps the rest of the physical memory
* requests are made to linux.sys which causes it to access memory

Root in linux cannot make system calls to windows unless it can get linux.sys to make them.

The file that backs the block device is read by the windows kernel (probably as the SYSTEM user). This should not be a risk as you need to be an Administrator to run colinux anyway.

In summary I agree that colinux is potentially dangerous.
A privileged user on either OS, could insert code into the kernel, which allowed the page tables to be manipulated, which further allowed the other OS to be compromised by reading and/or writing its kernel memory.

I don't think this situation will ever change ...

---
Rob Stonehouse

On Thu, 19 Feb 2004, Nir Perry wrote:

> Hi,
>
> Not sure about the security - colinux uses the daemon to access windows
> indirectly...
> You should be aware that in general projects under development lack the
> security "stable" projects have.
>
> I wouldn't recommend you to use colinux if you require HIGH level of
> security. Note - the host windows OS isn't that secure anyone.
>
> Btw, if you want that security fix on 2.4.24 kernel, you can get kernel
> sources from slackware - they've patched the 2.4.24 with it. I think other
> distros did that too.
>
> Nir
>
> -----Original Message-----
> From: peter green [mailto:plu...@p1...]
> Sent: Thursday, February 19, 2004 16:02
> To: col...@li...
> Subject: RE: [coLinux-devel] my comments on colinux
>
>
> when i used 2.4.24 it built fine
>
> what are the security implications of colinux?
> can it be trusted to jail users within a colinux system from each other or
> are there ways for an app inside to make direct windows system calls and
> break out
>
> i know that 2.4.24 has a known local root hole and would like to know if is
> worth trying to find a backport of the security fix or if colinux has no
> security in the first place