Greetings, ----- Original Message ----- > > According to the Red Hat bugzilla page > > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), > > they claim that EL5 and EL6 are not vulnerable because > > /proc/self/mem isn't writable by default. > > According to German IT magazine heise.de this "default configuration" > implies SELinux. Meaning: An SELinux rule protects /proc/self/mem > against writing in the default RHEL configuration. > > As OpenVZ requires SELinux to be set to "disabled" we don't seem to > have that luxury.
Well, I'm sure quite a few people have SELinux disabled on RHEL/CentOS 5 and 6 hosts. The OpenVZ Legacy system I tested happened to be running with an KVM VM on a RHEL 7.2 host with SELinux enabled and in enforcing mode... so maybe that's why it didn't work? I don't see a difference between the perms on a stock EL6 host and an OpenVZ Legacy host... at least for DAC permissions: -rw-------. 1 root root 0 Oct 21 17:59 /proc/self/mem I would be nice to get confirmation from others who attempt the proof-of-concept. TYL, -- Scott Dowdle 704 Church Street Belgrade, MT 59714 (406)388-0827 [home] (406)994-3931 [work] _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users