On Tue, 1 Aug 2006, TongKe Xue wrote:

> Original Belief: I can use UML as a virtual machine; jail untrusted
> processes.
>
> Let's say I am a user U, on a machine M running Linux.
> I run an instance, UML1 of User Mode Linux.
> Within this instance of UML1, I create a new user "jailedUser".
> "jailedUser" executes a program in UML1, "untrustedProg".
>
> If this is the case, what protects "untrustedProg" from playing around
> with the kernel memory of UML1?
untrustedProg cannot use legitimate means to induce UML1's kernel to map kernel memory (except according to the UNIX file permissions of /dev/kmem). However, a hacker might exploit some security hole and use illegitimate means. For example, suppose you have a system daemon that runs as root (in UML1), and its defenses against abuse are not completely effective. Now the hacker can run roughshod over UML1's kernel, and he can then interact arbitrarily with the host machine. However, this happens as the executing user <U>, who is supposed to have the least feasible privileges. The hacker needs to use a stack of additional, different, hypothetical vulnerabilities to escalate host user privilege to host root, and also to break out of a chroot jail if that is in use. Only then would he have root privilege on the host.

As I understand it, the general idea on UML jails is that you're running a service with known or suspected security flaws. As soon as you discover that hackers have infested your UML, you wipe it and return to a Known Good State, which is trivial if you used copy-on-write for the filesystem(s). The host would run a kernel and (very few) daemons that the hackers could not penetrate (you hope), so you're spared the effort and security exposure of rebuilding your host system.

However, you do need to keep an eye on hacker activity because they can steal valuable information stored on the UML, such as credit card numbers if you're doing e-commerce, or use your UML as a transfer point (bot) for reproducing or for sending spam. These are the same issues as on a non-UML host. Careful design of databases and of firewalls can limit what the hackers can do.

Hope this helps!

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: [EMAIL PROTECTED]  http://www.math.ucla.edu/~jimc (q.v. for PGP key)
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
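The "wipe it and return to a Known Good State" recovery that James describes, as an added example that is not part of the thread: the UML root filesystem is kept as a read-only backing image plus a copy-on-write overlay, the overlay is what gets discarded, and the backing image is checked against a recorded hash before relaunch. It assumes the UML kernel binary is `./linux`, that UML creates the COW file itself when given `ubd0=<cow>,<backing>`, and the file names `root_fs`, `root_fs.cow` and `root_fs.sha256` are placeholders.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread. Layout assumed:
#   root_fs        pristine image, never written by the guest (backing file)
#   root_fs.cow    per-instance COW overlay, receives every guest write
#   root_fs.sha256 checksum of the backing file taken while it was known good

# Record the checksum of the backing file once, while it is known good.
# $1 = backing file, $2 = stamp file to write
record_known_good() {
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# Return 0 if the backing file still matches the recorded checksum, so a
# compromise inside UML (or on the host as user U) that touched the image
# is noticed rather than silently becoming the new "known good" state.
# $1 = backing file, $2 = stamp file
backing_intact() {
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$(cat "$2")" ]
}

# Wipe the jail: discard the overlay (all guest-side changes, including a
# rooted guest kernel's persistence) and verify the backing image.
# $1 = backing file, $2 = stamp file, $3 = COW overlay
reset_jail() {
    rm -f "$3"
    backing_intact "$1" "$2"
}

# Start the jail as an unprivileged host user; refuse to run as root so a
# kernel compromise inside UML yields only that user's host privileges.
# $1 = backing file, $2 = stamp file, $3 = COW overlay (created by UML)
launch_jail() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to start UML as root" >&2
        return 1
    fi
    backing_intact "$1" "$2" || { echo "backing image altered" >&2; return 1; }
    chmod 0444 "$1"                      # guest writes must land in the overlay
    exec ./linux ubd0="$3,$1" mem=128M   # assumed UML command line
}
```

After `reset_jail` the next `launch_jail` starts from the pristine image with an empty overlay, which is the "trivial" recovery the post refers to.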