|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Sainty (dave
dtsp.co.nz)Date: Wed Jul 11 2001 - 05:18:05 CDT
It occurs to me that one could theoretically (but not easily) jump out
of a chroot using i386_iopl(2) and related calls, possibly by
manipulating the hard drives, possibly some other way.
Perhaps these functions (i386_iopl, i386_set_ioperm) should be
disabled for chrooted processes?
A compile time option to disable them might be a good idea too?
(Regardless of what security level you run your kernel at)
Cheers,
Dave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]