From: Frank v W. <fv...@va...> - 2006-08-02 18:19:38

On Wed, Aug 02, 2006 at 02:15:39PM -0400, Jeff Dike wrote:
> On Wed, Aug 02, 2006 at 10:35:20AM -0700, Jim Carter wrote:
> > untrustedProg cannot use legitimate means to induce UML1's kernel to map
> > kernel memory (except according to the UNIX file permissions of /dev/kmem).
>
> And whether /dev/kmem allows writing. This has been controversial in
> the past (and I vaguely recall it being (at least optionally)
> disabled). Currently, it is writable, but open is under the control
> of CAP_SYS_RAWIO, so removing that from the capabilities received by
> init will remove from the system the ability to write kmem.
>
> In this case, UML (in the absence of exploitable UML bugs) is safe
> against the root user.

You'll also want to remove CAP_SYS_MODULE (and make sure the config files
that set the capabilities inside the guest OS are immutable so the cap
dropping can't be removed to break out after a reboot).

-- 
Frank v Waveren                                  Key fingerprint: BDD7 D61E
fv...@va...                                                  5D39 CF05 4BFC F57A
Public key: hkp://wwwkeys.pgp.net/468D62C8                    FA00 7D51 468D 62C8
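A check for the advice in this thread, added here as an example and not code from the list or the UML project: it parses the CapEff/CapBnd masks that modern kernels expose in /proc/<pid>/status (the 2006-era cap-bound sysctl is not used) and reports whether CAP_SYS_RAWIO and CAP_SYS_MODULE are still held by the guest's init. The sample status lines are constructed.

```python
"""Verify that CAP_SYS_RAWIO (kmem access) and CAP_SYS_MODULE (module loading)
have really been dropped from a process, by decoding the hex capability masks
in /proc/<pid>/status. Assumes a kernel that exposes CapEff and CapBnd there."""
import re

# Capability bit numbers from <linux/capability.h>
CAP_SYS_MODULE = 16
CAP_SYS_RAWIO = 17
MUST_BE_DROPPED = {"CAP_SYS_MODULE": CAP_SYS_MODULE, "CAP_SYS_RAWIO": CAP_SYS_RAWIO}

# Constructed samples of the Cap* lines from /proc/1/status. The "full" mask
# is the 41-bit all-capabilities value of recent kernels; the "dropped" one has
# bits 16 and 17 cleared (0x30000 removed).
SAMPLE_FULL = "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n" \
              "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
SAMPLE_DROPPED = "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t000001fffffcffff\n" \
                 "CapEff:\t000001fffffcffff\nCapBnd:\t000001fffffcffff\n"

def parse_cap_masks(status_text):
    """Return {set_name: int_mask} for every Cap* line in a status dump."""
    masks = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks

def retained_dangerous_caps(status_text, required_dropped=MUST_BE_DROPPED):
    """Return {set_name: [cap names still set]} for CapEff and CapBnd.
    CapEff is what the process can use right now; CapBnd is what it, or any
    child it execs, could ever regain, which is what matters across a reboot
    of the guest's userspace or a re-exec of init."""
    masks = parse_cap_masks(status_text)
    findings = {}
    for set_name in ("CapEff", "CapBnd"):
        if set_name not in masks:
            raise ValueError(f"{set_name} missing: kernel too old or input truncated")
        held = [name for name, bit in required_dropped.items()
                if (masks[set_name] >> bit) & 1]
        if held:
            findings[set_name] = held
    return findings

def check_pid(pid=1):
    """Read the live status file of a process (init by default) and audit it."""
    with open(f"/proc/{pid}/status") as f:
        return retained_dangerous_caps(f.read())

if __name__ == "__main__":
    found = check_pid(1)
    print("OK: caps dropped" if not found else f"STILL HELD: {found}")
```

Run it inside the guest against PID 1 after boot; a non-empty result means the capability drop did not take effect or was undone.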