On Wed, Aug 02, 2006 at 02:15:39PM -0400, Jeff Dike wrote:
> On Wed, Aug 02, 2006 at 10:35:20AM -0700, Jim Carter wrote:
> > untrustedProg cannot use legitimate means to induce UML1's kernel to map
> > kernel memory (except according to the UNIX file permissions of /dev/kmem).
>
> And whether /dev/kmem allows writing. This has been controversial in
> the past (and I vaguely recall it being (at least optionally)
> disabled). Currently, it is writable, but open is under the control
> of CAP_SYS_RAWIO, so removing that from the capabilities received by
> init will remove from the system the ability to write kmem.
>
> In this case, UML (in the absence of exploitable UML bugs) is safe
> against the root user.
You'll also want to remove CAP_SYS_MODULE (and make sure the config files that set the capabilities inside the guest OS are immutable so the cap dropping can't be removed to break out after a reboot).

--
Frank v Waveren
[EMAIL PROTECTED]
Key fingerprint: BDD7 D61E 5D39 CF05 4BFC F57A FA00 7D51 468D 62C8
Public key: hkp://wwwkeys.pgp.net/468D62C8
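The thread's recommendation is to drop CAP_SYS_RAWIO and CAP_SYS_MODULE from the capabilities init receives inside the guest and to make the files that configure that dropping immutable. The script below is an added example (not from the thread or from the UML project) that a guest administrator could run after boot to verify both conditions: it decodes the CapBnd mask from /proc/<pid>/status and checks a config file for the immutable attribute via lsattr. Capability numbers come from linux/capability.h (CAP_SYS_MODULE = 16, CAP_SYS_RAWIO = 17); the sample mask values in the usage lines are constructed, and the config file path is a placeholder.

```shell
#!/bin/sh
# Added example: verify that CAP_SYS_RAWIO and CAP_SYS_MODULE are absent from
# a process's capability bounding set, and that a capability config file is
# immutable. Not code from the thread; capability numbers per linux/capability.h.

CAP_SYS_MODULE=16
CAP_SYS_RAWIO=17

# cap_in_mask MASKHEX CAPNUM
#   MASKHEX is the hex value printed on a Cap* line of /proc/<pid>/status
#   (e.g. "000001ffffffffff"). Succeeds when bit CAPNUM is set in the mask.
cap_in_mask() {
    mask=$1
    cap=$2
    [ $(( (0x$mask >> $cap) & 1 )) -eq 1 ]
}

# read_capbnd PID
#   Prints the CapBnd (bounding set) mask of the given process. Use "self"
#   to inspect the caller; on a UML guest, PID 1 is the interesting one.
read_capbnd() {
    awk '/^CapBnd:/ { print $2 }' "/proc/$1/status"
}

# check_dropped MASKHEX
#   Prints "ok" when neither capability is present, otherwise lists the ones
#   still set. Returns 1 when any remain so it can gate a boot-time check.
check_dropped() {
    mask=$1
    rc=0
    present=""
    for pair in "CAP_SYS_MODULE $CAP_SYS_MODULE" "CAP_SYS_RAWIO $CAP_SYS_RAWIO"; do
        set -- $pair
        if cap_in_mask "$mask" "$2"; then
            present="$present $1"
            rc=1
        fi
    done
    if [ $rc -eq 0 ]; then
        echo ok
    else
        echo "still present:$present"
    fi
    return $rc
}

# is_immutable PATH
#   Succeeds when lsattr reports the 'i' (immutable) attribute on PATH.
#   Requires e2fsprogs; silently fails on filesystems without attribute support.
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk '{ print $1 }' | grep -q i
}

# Usage when run directly on a guest (CONFIG_FILE is a placeholder path):
#   check_dropped "$(read_capbnd 1)"
#   is_immutable /etc/CONFIG_FILE_PLACEHOLDER || echo "capability config is not immutable"
```

The bounding-set mask is the right thing to look at because a capability removed from the bounding set cannot be regained by any later exec, which is the property the thread relies on to keep /dev/kmem and module loading out of reach of root in the guest. The immutable check covers the second half of the advice: if the file that performs the drop can be edited, the protection only lasts until the next reboot.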
_______________________________________________
User-mode-linux-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
