| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201101271150.17120.sgrubb@redhat.com> Date: Thu, 27 Jan 2011 11:50:16 -0500 From: Steve Grubb <sgrubb@...hat.com> To: "Andrew G. Morgan" <morgan@...nel.org> Cc: Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org, "Serge E. Hallyn" <serge@...onical.com>, "Serge E. Hallyn" <serge.hallyn@...onical.com>, linux-security-module@...r.kernel.org Subject: Re: [PATCH] System Wide Capability Bounding Set On Thursday, January 27, 2011 11:35:13 am Andrew G. Morgan wrote: > > Today, people want to have multi-tenant hosting using virtual > > machines whereby they give away root control of the guest VM. > > If you were renting system space, you would expect root access. > > That would make a nice juicy hacking target because you don't know > > who else is sharing the physical machine with you and they might > > have something in their VM worth stealing. > > Which root filesystem (/) do kernel helpers run in in such a virtual setup? I would assume that root in the VM could umount and mount anything. Or bind mount over it. We really want any change to a global bounding set done before initrd finishes doing its thing. This way there is no chance for mischief by the time control is turned over to /sbin/init - which root controls. -Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists