On Wed, Aug 02, 2006 at 10:35:20AM -0700, Jim Carter wrote:
> untrustedProg cannot use legitimate means to induce UML1's kernel to map 
> kernel memory (except according to the UNIX file permissions of /dev/kmem).

And whether /dev/kmem allows writing.  This has been controversial in
the past (and I vaguely recall it being (at least optionally)
disabled).  Currently, it is writable, but open is under the control
of CAP_SYS_RAWIO, so removing that from the capabilities received by
init will remove from the system the ability to write kmem.

In this case, UML (in the absence of exploitable UML bugs) is safe
against the root user.

                                Jeff
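
A defender-side check of the point above, as an added example that is not part of the original message: it tests whether the CAP_SYS_RAWIO bit is still present in a process's capability masks. It assumes a kernel whose /proc/<pid>/status exposes CapEff and CapBnd lines; the sample strings are constructed and the function name cap_in_status is hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_RAWIO 17 /* bit number from <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status format (not captured output). */
const char SAMPLE_FULL[] =
    "Name:\tinit\nCapEff:\t0000001fffffffff\nCapBnd:\t0000001fffffffff\n";
const char SAMPLE_DROPPED[] =
    "Name:\tinit\nCapEff:\t0000001ffffdffff\nCapBnd:\t0000001ffffdffff\n";

/* 1 if bit `cap` is set in mask `field` ("CapEff", "CapBnd"), 0 if clear,
 * -1 if the field is missing or carries no hex value. */
int cap_in_status(const char *status, const char *field, int cap)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *p = line + flen + 1;
            while (*p == ' ' || *p == '\t') p++;
            if (!isxdigit((unsigned char)*p))
                return -1;
            return (int)((strtoull(p, NULL, 16) >> cap) & 1ULL);
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Checks the samples, then pid 1; exit 1 if init still holds the bit. */
int main(void)
{
    static char buf[8192];
    printf("sample full=%d dropped=%d\n",
           cap_in_status(SAMPLE_FULL, "CapEff", CAP_SYS_RAWIO),
           cap_in_status(SAMPLE_DROPPED, "CapEff", CAP_SYS_RAWIO));
    FILE *f = fopen("/proc/1/status", "r");
    if (!f) { perror("/proc/1/status"); return 2; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    int eff = cap_in_status(buf, "CapEff", CAP_SYS_RAWIO);
    int bnd = cap_in_status(buf, "CapBnd", CAP_SYS_RAWIO);
    printf("pid 1: CAP_SYS_RAWIO effective=%d bounding=%d\n", eff, bnd);
    return (eff == 1 || bnd == 1) ? 1 : 0;
}
```

A result of 0 for both masks of pid 1 means the capability was removed before init handed it to any child; -1 means the status text did not carry that field.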
