On Wednesday 09 February 2005 10:36, Dominik Hirt wrote:
> Hi
>
> Many thanks for your answer.
> So the problem exists only when module support is activated in the
> kernel of the uml, right?
Well, what I said is that on any UML the guest root can do everything on the 
host as normal user (but everything is not much if you chroot your UML). And 
this is not the "security hole" I spoke about, since this is not fixable 
(it's not a bug either, actually).

That's easy to exploit with module support, and possible even without 
when /dev/kmem is writable; this also applies to normal kernels, and there is 
literature about normal kernels. It is probably hard, however, I guess.

The bug which is fixed in the patches allows a *normal user* to reach the host, 
even without module support.
> Do you need any mirror in Switzerland?
> When the expected traffic is not too high I could offer you one for
> free.
Well, thanks a lot, however for now I don't think additional mirrors are 
needed... at least until somebody starts complaining about the load (but 
patches are usually little, so there should not be any problem, I guess).
-- 
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729
http://www.user-mode-linux.org/~blaisorblade



