On Monday 14 February 2005 19:42, Ali Campbell wrote: > Hi there, > > I'm running a 2.4.29 guest kernel (Blaisorblade's patch set) to run a > public apache and postfix. I am not using hostfs. I was wondering > whether there are any known security problems with this release other > than the setuid hostfs issue, and if so whether I should migrate to 2.6. Well, if you use a chroot you should be safe...
Note that root can always, in every UML version, (either through module support or through write access to /dev/kmem) insert modules which have the same power as hostfs (it's a module after all, no?) - it includes executing a shell on the host. So chrooting is needed (and a "mkdir /chroot/proc && touch /chroot/proc/mm && mount --bind /proc/mm /chroot/proc/mm" will help getting the SKAS support inside the chroot). That said, there are some problems which are fixed in 2.6.9-bs7 or in the upcoming 2.6.11, and they allow unpriviledged users inside the guest to do the same thing. They are not fixed in the 2.4 -bs patchset yet, and only partially fixed inside the 2.4.27-1um tree. -- Paolo Giarrusso, aka Blaisorblade Linux registered user n. 292729 http://www.user-mode-linux.org/~blaisorblade ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ User-mode-linux-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
