From: "Peter" <support@rimuhosting.com>
To: user-mode-linux-devel@lists.sourceforge.net
Subject: Re: [uml-devel] Module exploits into the host?
Date: Thu, 4 Mar 2004 23:19:01 +1300 [thread overview]
Message-ID: <045601c401d2$a7c6f390$0600a8c0@objexcel> (raw)
In-Reply-To: 20040304093605.GA24034@patrick.wattle.id.au
And disable hostfs on your UML kernel (even if you're not passing a hostfs to the UML instance on its command line).
----- Original Message -----
From: "Cameron Patrick" <cameron@patrick.wattle.id.au>
To: <user-mode-linux-devel@lists.sourceforge.net>
Sent: Thursday, March 04, 2004 10:36 PM
Subject: Re: [uml-devel] Module exploits into the host?
> Henrik Nordstrom wrote:
>
> | If you want to minimize this, run the UML chrooted (and absolutely not as
> | root). The use of process capabilities can also be used to limit the
> | possible damage, or any of the security extensions to Linux.
>
> Also, don't build module support into the kernel, and edit drivers/char/mem.c
> to disable writes to /dev/mem and /dev/kmem.
>
> Cameron.
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id\x1470&alloc_id638&opÌk
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
next prev parent reply other threads:[~2004-03-04 10:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-03 20:09 [uml-devel] Module exploits into the host? Robin Green
2004-03-03 21:29 ` Henrik Nordstrom
2004-03-03 23:14 ` [uml-devel] More security questions (was: Module exploits into the host?) Robin Green
2004-03-07 11:06 ` BlaisorBlade
2004-03-08 21:33 ` Jeff Dike
2004-03-09 23:21 ` Robin Green
2004-03-04 9:36 ` [uml-devel] Module exploits into the host? Cameron Patrick
2004-03-04 10:19 ` Peter [this message]
2004-03-04 19:45 ` [uml-devel] CFP workshop on UML Security (was: Module exploits into the host?) Goetz Bock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='045601c401d2$a7c6f390$0600a8c0@objexcel' \
--to=support@rimuhosting.com \
--cc=user-mode-linux-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.