Re: [patch] let CONFIG_SECCOMP default to n
From: Jeff Dike
Date: Thu Jul 13 2006 - 07:25:16 EST
On Thu, Jul 13, 2006 at 05:16:14AM +0200, Andrea Arcangeli wrote:
> On Thu, Jul 13, 2006 at 12:19:11AM +0200, Ingo Molnar wrote:
> > attacked ptrace, implicitly weakening the security perception of other
> > syscall filtering based projects like User Mode Linux. Now what we have
>
> Note that UML had a security weakness already that allowed to escape
> the jail, see bugtraq. In fact its complexity is huge regardless of
> ptrace, the security hole probably wasn't even ptrace related (I don't
> remember the exact details).

Not hardly. If you did remember the exact details, you'd remember
that it was in 2000, and someone "discovered" that tt mode didn't
allow kernel memory to be protected from userspace. It had always
been well documented that tt mode had this problem and you shouldn't
be using it if you needed a secure VM.

See http://www.securityfocus.com/bid/3973/info

Now, there were a couple of ways to legitimately escape from UML, and
they *did* involve ptrace. Things like single-stepping a system call
instruction or putting a breakpoint on a system call instruction and
single-stepping from the breakpoint. As far as I know, these were
discovered and fixed by UML developers before there was any outside
awareness of these bugs.

Jeff