List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel:
From:       Kees Cook <kees () ubuntu ! com>
Date:       2011-02-26 7:30:38
Message-ID: 20110226073038.GP4669 () outflux ! net

On Fri, Feb 25, 2011 at 03:10:10PM +0300, Vasiliy Kulikov wrote:
> UID 0 without capabilities has not been made really unprivileged yet.
> It makes sense only within namespace container without any virtual
> filesystem which handles permissions with uid/gid checks (not CAP_*).
> But this is rather strange.

True, but I was just trying to show some examples. The case I'm most
concerned about is the case where modules_disable has been set. It
is possible to use acpi/custom_method to unset this and then load
kernel rootkit modules, etc.

I know it's a special case, but it still provides arbitrary kernel
memory writes which is not an intended ability for any user to
have, even root.

-Kees

-- 
Kees Cook
Ubuntu Security Team
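
Added example, not part of the original message or of any project's code: a shell check a defender can run to see whether a host has module loading locked while the ACPI custom_method file is still exposed, the combination the message is concerned about. It assumes the message's "modules_disable" is the sysctl at /proc/sys/kernel/modules_disabled and that debugfs is mounted at /sys/kernel/debug; the function name and exit codes are this example's own.

```shell
#!/bin/sh
# Audit the combination described above: module loading locked
# (modules_disabled=1) while acpi/custom_method is still present.
# Both roots are parameters so the check can be pointed at a
# constructed directory tree instead of the live system.
# Live use (as root, since debugfs is normally root-only):
#   audit_custom_method

audit_custom_method() {
    proc_root=${1:-/proc}
    debugfs_root=${2:-/sys/kernel/debug}   # assumed debugfs mount point
    lock_file="$proc_root/sys/kernel/modules_disabled"
    cm_file="$debugfs_root/acpi/custom_method"

    # Read the lock state; anything unreadable or unexpected is "unknown".
    locked=unknown
    if [ -r "$lock_file" ]; then
        case "$(cat "$lock_file")" in
            1) locked=yes ;;
            0) locked=no ;;
        esac
    fi

    # No custom_method file: nothing to report for this check.
    if [ ! -e "$cm_file" ]; then
        echo "OK custom_method absent (modules_disabled=$locked)"
        return 0
    fi

    mode=$(stat -c '%a' "$cm_file" 2>/dev/null || echo '?')

    # Lock is set but the file is still there: the lock cannot be relied on.
    if [ "$locked" = yes ]; then
        echo "FAIL modules_disabled=1 but $cm_file exists (mode $mode)"
        return 2
    fi

    # File exists on a host without the lock: report it for review.
    echo "WARN $cm_file exists (mode $mode, modules_disabled=$locked)"
    return 1
}
```

Exit status 2 marks the case the message describes, 1 marks a host where the file exists without the lock, and 0 means the file was not found.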