From: Jeff Dike <jdike@ka...> - 2003-02-08 00:23:13
> An updated kernel-utils package is available that removes the setuid
> bits incorrectly assigned to the uml_net binary.
This seems like a good time to remind everyone that
if you install my packages, the RPM or utilties tarball
and you have untrusted users on the host or in UMLs
then you need to be worried about uml_net. It's setuid root, and any user
can use it to fiddle the network to some extent. They can't bring eth* up
and down. But they can do things like bring up a tap device and assign it
an IP of their choice (i.e. your network's mail or name server), with proxy
arp and everything.
It will also fiddle the host routing and stuff to follow any IP changes made
within UML. So, a nasty user inside a UML could set their IP to the same
as your network's name server and start serving up bogus data.
If you own the machine and trust everyone on it, and you don't want to be
bothered figuring out the arping and routing needed to put a UML on the
net, then uml_net is exactly what you want.
Otherwise, disable it somehow. IIRC, debian has a umlnet group and uml_net
is setgid to it (or maybe setuid root, but only executable by umlnet group
members). That's a good solution. Everyone who needs a UML on the network
is put in the umlnet group. Everyone else can just suck eggs when it comes
to trying to run uml_net.