
From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Mon 09 Dec 2002 - 20:12:38 GMT


On Thu, 5 Dec 2002 15:05:04 -0500, Mihai RUSU wrote
> Hi
>
> For some time I thought that running kernels without module support is a
> complete solution to kernel rootkits. That was wrong as there are some
> other ways except modules: /dev/mem, DMA programming ...

You can't access /dev/mem from a vserver. I don't think you can reach the DMA
either. A vserver, without CAP_MKNOD, is not allowed to create devices, so it can
only use the ones available. As such, a typical vserver can't load modules at all.

So by default, the root server can't be attacked from a vserver. A rootkit used
in a vserver will only be able to change files there and won't be able to tamper
with the kernel.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
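The containment claim above rests on one kernel rule: a process whose effective capability set lacks CAP_MKNOD is refused when it tries to create a character or block device node, so it can never conjure up its own /dev/mem. The following probe is an added example (not code from the vserver project or from the list post) that checks this from inside a container: it reads CapEff from /proc/self/status, attempts to create a node with the major/minor numbers of /dev/mem under a scratch path (assumed writable) and removes it again, and reports whether the observed result is consistent with the rule.

```c
/* Probe: can this context create a device node like /dev/mem (char 1,1)?
 * Added example; assumes a Linux /proc and a writable scratch directory. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

#define CAP_MKNOD_BIT 27 /* index of CAP_MKNOD in the CapEff bitmask */

/* Effective CAP_MKNOD from /proc/self/status: 1 = set, 0 = clear, -1 = unknown. */
int has_cap_mknod(void) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    unsigned long long caps = 0;
    int found = 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &caps) == 1) { found = 1; break; }
    fclose(f);
    return found ? (int)((caps >> CAP_MKNOD_BIT) & 1ULL) : -1;
}

/* Try to create a node with /dev/mem's numbers at path; 0 = created (and
 * removed again), otherwise the errno the kernel answered with (EPERM when
 * CAP_MKNOD is missing). */
int try_mknod_mem(const char *path) {
    if (mknod(path, S_IFCHR | 0600, makedev(1, 1)) != 0)
        return errno;
    unlink(path);
    return 0;
}

/* 1 if behaviour matches the rule, 0 if a context without CAP_MKNOD was
 * nevertheless allowed to create the device node (a containment failure). */
int mknod_policy_consistent(const char *path) {
    int cap = has_cap_mknod();
    int rc = try_mknod_mem(path);
    if (cap == 0 && rc == 0) return 0;
    return 1;
}

int main(void) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/mknod-probe-%ld", (long)getpid());
    int cap = has_cap_mknod(), rc = try_mknod_mem(path);
    printf("CAP_MKNOD=%d mknod(1,1) -> %s\n", cap, rc ? strerror(rc) : "created");
    return mknod_policy_consistent(path) ? 0 : 1;
}
```

Run it as the unprivileged root of a vserver or container: the expected reading is CAP_MKNOD=0 with mknod refused by EPERM, and a "created" result with the capability clear means the device-node restriction is not in effect.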


Generated on Fri 13 Dec 2002 - 03:49:14 GMT by hypermail 2.1.3