Subject: Re: Escaping a chroot jail
To: Steven M. Bellovin <email@example.com>
From: Todd Vierling <firstname.lastname@example.org>
Date: 07/14/2005 09:48:55
On Thu, 14 Jul 2005, Steven M. Bellovin wrote:
> >But that's what we have the aperture lkm for. It allows exactly one
> >process to get r/w access to the memory space of the VGA board. AFAIK
> >almost all modern drivers work with this workaround. In all other
> >respects it still has all the features of a normal kernel running
> >at securelevel 1. No write access to devices of mounted disks, no
> >access to /dev/(k)mem, ...
> Thanks, though I confess that the thought of a security mechanism
> requiring LKM to be enabled is amusing...
Code "purity" advocates prevented it from being brought into the NetBSD base
source tree, basing on arguments that DMA commands to the card could move
data around as easily as writing to /dev/[k]mem. And yes, such commands can
do exactly that; but of course, "options INSECURE" lets you do that and
much, much more.
I still think that such arguments were and are a bunch of near-FUD politics,
and the code belongs where it can be configured directly into the kernel.
After all, GENERIC has a line suggesting that INSECURE be turned on if using
X. Wouldn't it be more sane to shrink that hole a bit, even if it doesn't
close it completely, since at least one of the two holes is *required* for X
to function on modern cards?
-- Todd Vierling <email@example.com> <firstname.lastname@example.org> <email@example.com>