From: David Hopwood
Subject: Re: Re: Module loading in unpriveledged domains
Date: Tue, 23 Nov 2004 17:10:33 +0000
Message-ID: <41A36F09.3030005@blueyonder.co.uk>
References: <41A2980B.8090506@blueyonder.co.uk> <87d5y47by5.fsf@aka.i.naked.iki.fi>
In-Reply-To: <87d5y47by5.fsf@aka.i.naked.iki.fi>
Reply-To: david.nospam.hopwood@blueyonder.co.uk
To: xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org
Sender: xen-devel-admin@lists.sourceforge.net

Nuutti Kotivuori wrote:
> David Hopwood wrote:
>
>> True, unless there are bugs that cause different behaviour depending
>> on whether a module is compiled-in or loaded (such as
>> ).
>> Nevertheless enabling loadable modules may allow a greater
>> proportion of script kiddies to be capable of exploiting any given
>> bug.
>>
>> This is all the same as in standard Linux, so perhaps I should have
>> said: enable loadable modules iff you would do so in standard Linux.
>
> That's a bit of an odd comment I think.
>
> Enabling module loading has security implications for the actual Linux
> system being exploited - eg. either the physical machine in a
> standalone case, or a Xen guest virtual machine.
>
> But the original question was not about the security of that machine,
> but about the possibility of escalation of that exploit into other
> Xen guests or the domain 0 on the same physical machine.

If there is no exploit, then there is no possibility of escalation.

On a physical machine running Linux on Xen where an attacker only has
direct access to Linux user-mode processes, the attacker has two layers
that must both be exploited: Linux and Xen.
Obviously, bugs and misconfigured settings in both Linux and Xen are
therefore relevant to the security of the physical machine.

-- 
David Hopwood
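The thread's practical point is that a guest kernel which accepts loadable modules gives an attacker who already has root inside the guest an easy way to run arbitrary kernel code, which is the first of the two layers above. The following script is an added example, not code from the thread or from Xen, that reports whether a Linux guest is in that state. It reads two signals: CONFIG_MODULES in the kernel build config, and the one-way kernel.modules_disabled sysctl (added to Linux in 2.6.31, so it did not exist for the 2004 kernels under discussion; it is included here as the current way to lock module loading after boot). The input files are constructed inline so the script runs offline; on a real guest the same functions would be pointed at /boot/config-$(uname -r) and /proc/sys/kernel/modules_disabled.

```shell
#!/bin/sh
# Added example (not from the original thread): classify a Linux guest by
# whether kernel module loading is possible at all.

# module_support CONFIG_FILE
# Prints "loadable" if the kernel was built with CONFIG_MODULES=y,
# otherwise "builtin-only" (no module loader compiled in at all).
module_support() {
    if grep -q '^CONFIG_MODULES=y' "$1"; then
        echo loadable
    else
        echo builtin-only
    fi
}

# loading_locked SYSCTL_FILE
# Prints "locked" if kernel.modules_disabled reads 1 (the sysctl is one-way:
# once set it cannot be cleared without a reboot), otherwise "open".
# A missing file (pre-2.6.31 kernel) counts as "open".
loading_locked() {
    if [ -r "$1" ] && [ "$(cat "$1")" = "1" ]; then
        echo locked
    else
        echo open
    fi
}

# guest_verdict CONFIG_FILE SYSCTL_FILE
# Combines both signals into one line a reviewer can act on.
guest_verdict() {
    case "$(module_support "$1")-$(loading_locked "$2")" in
        builtin-only-*)
            echo "no-loading: kernel built without CONFIG_MODULES" ;;
        loadable-locked)
            echo "locked: kernel.modules_disabled=1 blocks insertion until reboot" ;;
        *)
            echo "open: root in this guest can insert kernel code via modules" ;;
    esac
}

# Constructed sample inputs standing in for /boot/config-* and
# /proc/sys/kernel/modules_disabled, so the example runs without root.
tmp=$(mktemp -d)
printf 'CONFIG_MODULES=y\nCONFIG_MODULE_UNLOAD=y\n' > "$tmp/config-loadable"
printf '# CONFIG_MODULES is not set\n'               > "$tmp/config-static"
printf '1\n' > "$tmp/modules_disabled-on"
printf '0\n' > "$tmp/modules_disabled-off"

# Three guests: modular and open, modular but locked, and static.
guest_verdict "$tmp/config-loadable" "$tmp/modules_disabled-off"
guest_verdict "$tmp/config-loadable" "$tmp/modules_disabled-on"
guest_verdict "$tmp/config-static"   "$tmp/modules_disabled-off"
```

To move a running guest from "open" to "locked", root runs `sysctl -w kernel.modules_disabled=1` after the modules it needs are loaded; the setting cannot be reverted without a reboot, which is exactly the property that makes it useful against a later root compromise. Note that this only closes the module path: a kernel bug reachable from user space is unaffected, which is the thread's point that the Linux layer and the Xen layer each have to hold on their own.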