Subject: Re: Escaping a chroot jail
To: None <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 07/14/2005 09:29:00
In message <20050714131230.GC9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 08:42:04, Steven M. Bellovin wrote:
>> Right. As I noted in my earlier post, chroot() isn't proof against
>> As for the default security level of 1 -- for anyone who wants to run
>> X, that's simply not possible. I understand why, of course, but it
>> doesn't help with everything else.
>But that's what we have the aperture lkm for. It allows exactly one
>process to get r/w access to the memory space of the VGA board. AFAIK
>almost all modern drivers work with this workaround. In all other
>respects it still has all the features of a normal kernel running
>at securelevel 1. No write access to devices of mounted disks, no
>access to /dev/(k)mem, ...
Thanks, though I confess that the thought of a security mechanism
requiring LKM to be enabled is amusing...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb