* [uml-devel] SecurityFocus Article
@ 2006-05-11 14:45 Ed White
  2006-05-11 15:30 ` Jeff Dike
  0 siblings, 1 reply; 2+ messages in thread
From: Ed White @ 2006-05-11 14:45 UTC (permalink / raw)
  To: ML

A researcher of the French NSA discovered a scary vulnerability in modern x86 CPUs and chipsets that exposes the kernel to direct tampering.

The problem is that a feature called System Management Mode could be used to bypass the kernel and execute code at the highest level possible: ring zero.

The big problem is that the attack is possible thanks to the way X Windows is designed, and so the only way to eradicate it is to redesign it, moving the video card driver into the kernel, but it seems that this cannot be done, also because of missing drivers and documentation!

I would like to know if UML barriers could be bypassed using this attack, or not. Maybe we will need a patch for the kernel, or for UML, or what?

Any hint is appreciated. 


------------------------------------------------------------------------

The quest for ring 0

by Federico Biancuzzi
2006-05-10

Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs.
http://www.securityfocus.com/columnists/402



_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel


* Re: [uml-devel] SecurityFocus Article
  2006-05-11 14:45 [uml-devel] SecurityFocus Article Ed White
@ 2006-05-11 15:30 ` Jeff Dike
  0 siblings, 0 replies; 2+ messages in thread
From: Jeff Dike @ 2006-05-11 15:30 UTC (permalink / raw)
  To: Ed White; +Cc: ML

On Thu, May 11, 2006 at 02:45:08PM -0000, Ed White wrote:
> I would like to know if UML barriers could be bypassed using this
> attack, or not. Maybe we will need a patch for the kernel, or for UML,
> or what? 

I don't see an actual attack.  The article is assuming some
unspecified vulnerability in the X server.

That being said, UML instances (and processes inside them) typically
have no access to the host's X server, so I can't see this being used
to break out of a UML.

If the host X server accepts connections from remote machines, and has
a vulnerability that can be exploited remotely, then a UML can connect
to it and use it to break out.  However, I would regard this as being
a generic remote exploit that a UML happens to be able to use rather
than something specific to UML.

In this case, as with other remote exploits, the fix is on the host
rather than in the UML.

				Jeff

