Re: [uml-user] Security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Wed, Aug 02, 2006 at 02:15:39PM -0400, Jeff Dike wrote:
> On Wed, Aug 02, 2006 at 10:35:20AM -0700, Jim Carter wrote:
> > untrustedProg cannot use legitimate means to induce UML1's kernel to ma=
p=20
> > kernel memory (except according to the UNIX file permissions of /dev/km=
em).
>=20
> And whether /dev/kmem allows writing.  This has been controversial in
> the past (and I vaguely recall it being (at least optionally)
> disabled).  Currently, it is writable, but open is under the control
> of CAP_SYS_RAWIO, so removing that from the capabilities received by
> init will remove from the system the ability to write kmem.
>=20
> In this case, UML (in the absence of exploitable UML bugs) is safe
> against the root user.

You'll also want to remove CAP_SYS_MODULE (and make sure the config
files that set the capabilities inside the guest OS are immutable so
the cap dropping can't be removed to break out after a reboot).

--=20
Frank v Waveren                                  Key fingerprint: BDD7 D61E
fv...@va...                                              5D39 CF05 4BFC F57A
Public key: hkp://wwwkeys.pgp.net/468D62C8              FA00 7D51 468D 62C8