Robert Mustacchi writes:

>>> https://github.com/joyent/illumos-kvm-cmd/pull/20
>
>This has been merged. Thanks to Dan McDonald for preparing this.

Many thanks to all involved.

>> One other thing to note is that the qemu process on SmartOS runs inside
>> a zone, so escaping the qemu just gets you root in a zone that has
>> basically nothing in it except the qemu binary and some config.
>>
>> You would need an additional kernel privesc vuln to escape that zone and
>> take control over the entire box.
>
>This is correct, the processes in there are running in a stripped
>privilege environment. It cannot fork.

Yes, I figured this was the case - thanks for confirming. I knew it was containerized, but not that it couldn't fork.

Out of curiosity, do the SmartOS orchestration tools (vmadm, etc.) expose these additional limitations, such as disabling forking, in some generic way, so they could be applied to non-kvm zones? Well, not being able to fork may not be the most sensible example in general, since that would make most zone applications impossible, but presumably there's a general mechanism down there somewhere.

>To help folks out who want a fixed QEMU, I have provided one that is
>suitable for use with all platforms built after January 15 2015. The
>QEMU binary is available at:
>
>https://us-east.manta.joyent.com/rmustacc/public/sec/CVE-2015-3456/qemu-system-x86_64
>
>The SHA 256 signature is:
>38089c8e23e59b624e092ced579dd8f5bc095618a944225b7b2d273796c35fdd
>
>A signature is available here, it has been signed with the 2014Q4
>package signing keys. Use an instance of pkgsrc 2014Q4 to verify it:
>
>https://us-east.manta.joyent.com/rmustacc/public/sec/CVE-2015-3456/qemu-system-x86_64.asc

Service above and beyond - thanks very much!

Joe
