Re: [vserver] vserver saves my ass yet again

From: Ed W <lists_at_wildgooses.com>
Date: Mon 20 Dec 2010 - 17:19:42 GMT
Message-ID: <4D0F902E.3050106@wildgooses.com>

On 17/12/2010 18:19, Eugen Leitl wrote:
> Got hit by
> http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_got_installed_on_my/
> yet the host seems unharmed (not completely sure yet).
> This is the second time this happens, the last time

Curiously enough - vserver + grsec would have apparently prevented the
root escalation in the first place (if only because of limiting access
to kallsyms?).

Kernel level root escalations are quite scary in a virtualised
environment - it would be interesting to get an idea from Herbert about
whether that level of kernel escalation allows the rooted user to escape
from the vserver jail, and whether there is anything further that can be
done to limit that in practice?

Regards

Ed W
Received on Mon Dec 20 17:19:53 2010

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 20 Dec 2010 - 17:19:54 GMT by hypermail 2.1.8