On Thu, 5 Dec 2002 15:05:04 -0500, Mihai RUSU wrote
> Hi
>
> For some time I thought that running kernels without module support is a
> complete solution to kernel rootkits. That was wrong as there are some
> other ways besides modules: /dev/mem, DMA programming ...
You can't access /dev/mem from a vserver. I don't think you can reach the DMA either. A vserver, without CAP_MKNOD, is not allowed to create devices, so it can only use the ones available. As such, a typical vserver can't load modules at all. So by default, the root server can't be attacked from a vserver. A root kit used in a vserver will only be able to change files there and won't be able to tamper with the kernel.

---------------------------------------------------------
Jacques Gelinas <[EMAIL PROTECTED]>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
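The reply rests on the guest holding neither CAP_MKNOD nor the capabilities behind module loading and raw memory access. As an added check (not part of the thread, not vserver code), here is a POSIX sh script that decodes a capability mask in the form the kernel prints on the CapBnd/CapEff lines of /proc/<pid>/status and reports whether those bits are held. CAP_SYS_MODULE and CAP_SYS_RAWIO are assumptions added here (the message names only CAP_MKNOD); the sample masks in the comments are constructed.

```shell
#!/bin/sh
# Added example: decode a Linux capability mask (hex, as on the CapBnd or
# CapEff line of /proc/<pid>/status) and report whether the capabilities
# that give a guest reach into the kernel are still held.

# Bit numbers from linux/capability.h.
CAP_SYS_MODULE=16   # load kernel modules
CAP_SYS_RAWIO=17    # /dev/mem, /dev/kmem, raw port I/O
CAP_MKNOD=27        # create device nodes with mknod

# has_cap MASK BIT -> exit 0 if BIT is set in the hex MASK, 1 otherwise.
# Constructed sample: 0000003fffffffff is a full set, 0000003ff7fcffff has
# bits 16, 17 and 27 cleared.
has_cap() {
    mask=$1; bit=$2
    [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]
}

# kernel_reach_report MASK -> one line per capability; exit 0 when none of
# the three is held (the state the reply describes for a vserver), 1 when
# at least one is.
kernel_reach_report() {
    mask=$1; held=0
    for entry in "CAP_SYS_MODULE:$CAP_SYS_MODULE:load kernel modules" \
                 "CAP_SYS_RAWIO:$CAP_SYS_RAWIO:/dev/mem and raw port I/O" \
                 "CAP_MKNOD:$CAP_MKNOD:create device nodes with mknod"; do
        name=${entry%%:*}; rest=${entry#*:}
        bit=${rest%%:*}; what=${rest#*:}
        if has_cap "$mask" "$bit"; then
            echo "HELD    $name ($what)"; held=1
        else
            echo "dropped $name ($what)"
        fi
    done
    return $held
}

# Bounding set of the calling process, for running the check inside a guest.
current_bounding_mask() {
    awk '/^CapBnd:/ { print $2 }' /proc/self/status
}

# Run against the current process when invoked as: sh script.sh self
if [ "${1:-}" = "self" ]; then
    kernel_reach_report "$(current_bounding_mask)"
fi
```

A non-zero exit from `kernel_reach_report` inside a guest means the container still has a path to the kernel that the reply assumes is closed.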
