List: oss-security
Subject: Re: [oss-security] CVE request: kernel:
From: Kees Cook <kees () ubuntu ! com>
Date: 2011-02-26 7:30:38
Message-ID: 20110226073038.GP4669 () outflux ! net
On Fri, Feb 25, 2011 at 03:10:10PM +0300, Vasiliy Kulikov wrote:
> UID 0 without capabilities has not been made really unprivileged yet.
> It makes sense only within namespace container without any virtual
> filesystem which handles permissions with uid/gid checks (not CAP_*).
> But this is rather strange.
True, but I was just trying to show some examples. The case I'm most
concerned about is the case where modules_disable has been set. It
is possible to use acpi/custom_method to unset this and then load
kernel rootkit modules, etc.
I know it's a special case, but it still provides arbitrary kernel
memory writes which is not an intended ability for any user to
have, even root.
-Kees
--
Kees Cook
Ubuntu Security Team
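
The case Kees describes (module loading locked, yet acpi/custom_method still reachable) can be audited on a host. The following is an added example, not part of the original message or of any kernel tooling. It assumes procfs at /proc, debugfs at /sys/kernel/debug, and the sysctl file name kernel/modules_disabled; the function name and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the ACPI custom_method debugfs node is
# present on a system that relies on the module-loading lock.
# Assumed paths (not from the original message):
#   /proc/sys/kernel/modules_disabled
#   /sys/kernel/debug/acpi/custom_method

# audit_custom_method ROOT
#   ROOT is a filesystem prefix ("" for the live system), so the same check
#   can be run against a mounted image or a constructed test tree.
# Prints one verdict word:
#   exposed  module loading is locked, but custom_method is present
#   present  custom_method is present, module loading is not locked
#   locked   module loading is locked, custom_method is absent
#   open     neither the lock nor custom_method is in place
audit_custom_method() {
    root=$1
    sysctl_file="$root/proc/sys/kernel/modules_disabled"
    method_file="$root/sys/kernel/debug/acpi/custom_method"

    # Treat a missing or unreadable sysctl file as "not locked".
    disabled=0
    if [ -r "$sysctl_file" ]; then
        disabled=$(cat "$sysctl_file")
    fi

    # Caveat: a node that is absent only because debugfs is not mounted
    # comes back as soon as root mounts debugfs, so "locked" is only
    # meaningful when the kernel does not provide the interface at all.
    if [ -e "$method_file" ]; then
        if [ "$disabled" = "1" ]; then echo exposed; else echo present; fi
    else
        if [ "$disabled" = "1" ]; then echo locked; else echo open; fi
    fi
}

# Usage on a live system: audit_custom_method ""
```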