[ILUG] kernel security hole
Daniel Shaw
dshaw78 at gmail.com
Wed Feb 13 18:25:32 GMT 2008
>
> Isn't it trivial to break out of chroots?
No. Not always. That's the whole point of chrooting in the first place, isn't it?
However, as pointed out below, this is a local exploit, i.e. run from a
shell, so it doesn't have anything to do with a web server, chrooted or
otherwise.
>
> Aren't there loads of local root exploits already?
Pretty much. Limiting shell accounts and access to the ssh port is the good
old obvious thing to do.
> Why so much news about this one?
Good question, actually. But a couple of reasons might contribute: 1. Many
of the loads of existing ones are in userland stuff that may or may not
be installed. A system may or may not have a vulnerable perl module or
ftp command or whatever it is. Every system has a kernel though. So
even though not every one will be a vulnerable version, still the
numbers of vulnerable systems are probably greater than for other
exploits. 2. Apparently a nasty side effect of trying this within a
Xen VM is that it can crash the hypervisor and therefore bring down
all other VMs. This could be very bad in a shared VM hosting set up
where one vulnerable account on one VM could result in complete
reboots of many other non-vulnerable VMs.
Note point one is speculation and point two is rumour. But that's what
came to mind.
Cheers,
Daniel