From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Mon 09 Dec 2002 - 20:12:38 GMT
On Thu, 5 Dec 2002 15:05:04 -0500, Mihai RUSU wrote
> Hi
>
> For some time I thought that running kernels without module support is a
> complete solution to kernel rootkits. That was wrong as there are some
> other ways except modules: /dev/mem, DMA programming ...
You can't access /dev/mem from a vserver. I don't think you can reach the DMA
either. A vserver, without CAP_MKNOD, is not allowed to create devices, so it can
only use the ones available. As such, a typical vserver can't load modules at all.
So by default, the root server can't be attacked from a vserver. A rootkit used
in a vserver will only be able to change files there and won't be able to tamper
with the kernel.
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
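The reply above rests on two facts a guest context can verify for itself: whether CAP_MKNOD is in its effective capability set, and whether the memory device nodes are reachable at all. The following POSIX shell script is an added example, not part of the original thread or of the vserver project; it assumes a Linux `/proc/self/status` with a `CapEff:` hex mask and the capability number 27 for CAP_MKNOD from `<linux/capability.h>`. The mask-parsing helper works on a mask of any width, so it can be pointed at `CapBnd` or `CapPrm` too.

```sh
#!/bin/sh
# Added example: check from inside a context whether it could create device
# nodes (CAP_MKNOD) and whether /dev/mem, /dev/kmem or /dev/port are readable.
# Assumes Linux /proc/self/status "CapEff:" format; hypothetical helper names.

CAP_MKNOD_BIT=27   # CAP_MKNOD in <linux/capability.h>

# has_cap MASKHEX BIT: succeed when bit BIT is set in the hex mask MASKHEX.
# Works one hex digit at a time so masks wider than the shell's integer fit.
has_cap() {
    mask_hex=$1
    bit=$2
    digit_index=$((bit / 4))          # hex digit holding this bit, from the right
    len=${#mask_hex}
    pos=$((len - digit_index))        # 1-based position for cut(1)
    [ "$pos" -ge 1 ] || return 1      # mask too short: bit cannot be set
    digit=$(printf '%s' "$mask_hex" | cut -c"$pos")
    val=$((0x$digit))
    [ $(( (val >> (bit % 4)) & 1 )) -eq 1 ]
}

# readable_mem_devices: print any of the raw memory device nodes this
# context can open for reading; succeed if at least one was found.
readable_mem_devices() {
    found=1
    for dev in /dev/mem /dev/kmem /dev/port; do
        if [ -r "$dev" ]; then
            echo "$dev"
            found=0
        fi
    done
    return $found
}

# check_context: report on the running context. Returns 0 when it looks
# confined in the sense of the thread (no CAP_MKNOD, no readable memory
# devices), 1 otherwise.
check_context() {
    confined=0
    cap_eff=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status 2>/dev/null)
    if [ -n "$cap_eff" ] && has_cap "$cap_eff" "$CAP_MKNOD_BIT"; then
        echo "CAP_MKNOD present: this context can create new device nodes"
        confined=1
    else
        echo "CAP_MKNOD absent: only pre-existing device nodes are usable"
    fi
    if devs=$(readable_mem_devices); then
        echo "readable memory devices: $(echo "$devs" | tr '\n' ' ')"
        confined=1
    else
        echo "no readable memory device nodes"
    fi
    return $confined
}

# Run the live check when executed directly (not when sourced for testing).
case "$0" in
    *check_context*|*.sh) check_context ;;
esac
```

Run it as an unprivileged user on the host to see the baseline (no CAP_MKNOD, `/dev/mem` present but not readable), then inside the guest context, where the device node should be missing as well; a guest reporting CAP_MKNOD present is the case the thread describes as dangerous.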