From: Erik de B. - L. <Erik@LowVoice.nl> - 2003-08-29 14:07:48
Hi List,

To create an extra barrier between the host and guest OS we wanted to chroot a UML system. We created a chrooted environment to run a non-writable but executable Linux kernel, while the user the UML runs as only has writable filesystems and a read-only hostfs. This way, even with a compromised or exploitable kernel you couldn't write binary executable files onto the host filesystem. This is essential to get tools for further exploiting bugs on the host. We think this very much solves many security issues we could think of.

We've bind mounted just /dev/net to the inside of the chroot so it can use tun/tap networking, but no other parts of /dev are reachable. We've also been trying to do the same with /proc/mm, but this is a file, so it's only possible to bind the whole /proc. It's a lot safer than not chrooting at all, but it would very much remove a lot of risks that still exist. We think that changing the location of /proc/mm to /proc/mm/mm would make deeper security measures possible.

Erik