From: Doug Dumitru <doug@easyco.com>
To: user-mode-linux-devel@lists.sourceforge.net
Subject: [uml-devel] Hardening hostfs
Date: Thu, 16 Oct 2003 22:20:06 -0700
Message-ID: <3F8F7C06.7080306@easyco.com>

I have been trying to build a reasonably bullet-proof UML kernel that
prevents users from doing hostfs mounts.

I have observed some behaviours which are non-ideal.

1. If hostfs is compiled in as a module, then the hostfs=...
   command-line arguments are not used. Thus, trying to restrict access
   with this does not appear to be effective.

2. If hostfs is not compiled in at all, you can still load a hostfs
   module assuming that you can build one off-line. This would allow a
   compromise of an underlying system by a "moderate" hacker with root
   access to the virtual.

The best that I have come up with is:

o Run UML in a chroot jail.
o Compile UML with hostfs included and not as a module
o Supply a command line ... hostfs=/doesnotexist,append when booting

I don't think that this is perfect as you could still load a LKM and
probably get to the underlying filesystem. At least it is chroot'd at
this point.

I have been trying to work out a way to further harden this, but there
seem to be a number of stumbling blocks.

A lot of device open/close on the fly, so chrooting all of UML might be
hard. The best that I can think of is to build a chroot jail with only
those devices.

You still have to deal with /proc/mm for SKAS mode (at least until the
next SKAS interface shift).

--
--------------------------------------------------------------------
Doug Dumitru 800-470-2756 (610-237-2000)
EasyCo LLC doug@easyco.com http://easyco.com
--------------------------------------------------------------------
D3, U2, jBase Virtual Servers. Off-site backup over the internet.
Develop/test/deploy from $20/mo. Fast, secure, cheaper than tape.
http://mirroredservers.com http://mirroredbackup.com
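
The checklist in the message above, as an added example that is not part of the original post: a shell audit of a UML kernel .config and boot command line against the two observations and the hostfs=...,append recommendation. The helper names, the sample config and the sample command line are constructed for illustration; CONFIG_HOSTFS and CONFIG_MODULES are the kernel's Kconfig symbols.

```shell
#!/bin/sh
# config_value FILE SYMBOL: prints y or m, or n when unset / "is not set".
config_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# audit_uml_hostfs CONFIG_FILE CMDLINE (hypothetical helper name)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_uml_hostfs() {
    cfg=$1; cmdline=$2; bad=0
    hostfs=$(config_value "$cfg" CONFIG_HOSTFS)
    modules=$(config_value "$cfg" CONFIG_MODULES)

    # Observation 1: a modular hostfs does not use the hostfs= arguments.
    if [ "$hostfs" = m ]; then
        echo "FAIL hostfs=m: hostfs= boot arguments are not used"; bad=1
    fi
    # Observation 2 and the LKM caveat: module loading is still possible.
    if [ "$modules" = y ]; then
        echo "WARN CONFIG_MODULES=y: guest root can still load a module"; bad=1
    fi
    # With hostfs built in, require hostfs=<path>,append on the command line.
    if [ "$hostfs" = y ]; then
        arg=
        for tok in $cmdline; do
            case $tok in hostfs=*) arg=${tok#hostfs=} ;; esac
        done
        case $arg in
            "")       echo "FAIL no hostfs= restriction on command line"; bad=1 ;;
            *,append) : ;;
            *)        echo "FAIL hostfs=$arg lacks the append flag"; bad=1 ;;
        esac
    fi
    return "$bad"
}

# Constructed sample input: modular hostfs, as in observation 1.
sample=$(mktemp)
printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_HOSTFS=m' > "$sample"
audit_uml_hostfs "$sample" "ubd0=root_fs hostfs=/doesnotexist,append" || true
rm -f "$sample"
```

A config with hostfs built in, module support disabled and hostfs=/doesnotexist,append on the command line produces no findings; the chroot jail from the checklist is outside what this script inspects.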