Local root vulnerability in the kernel
Posted May 15, 2013 18:42 UTC (Wed) by aliguori (subscriber, #30636)
We have seccomp() support in QEMU and we do not have this system call in our whitelist. If an attacker was able to break into QEMU, sandboxing would stop the attempted privilege escalation.
It's a good example of why more applications should use sandboxing if they are likely attack targets.
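As an added illustration of the whitelist approach described above (example code written for this page, not QEMU's own seccomp filter): a raw seccomp-bpf allow-list that leaves out perf_event_open, assuming, as the later comments about perf suggest, that this is the system call in question. The filter is installed in a forked child, which then checks that the unlisted call is refused while a listed one still works.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __x86_64__
#define THIS_ARCH AUDIT_ARCH_X86_64
#else
#define THIS_ARCH AUDIT_ARCH_AARCH64 /* assumption: arm64 is the only other build target */
#endif
/* Whitelist entry: allow on a matching syscall number, otherwise fall through. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Allow-list filter: unlisted syscalls get EPERM (not a kill) so the probe can report. */
static int install_whitelist(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* foreign ABI (e.g. 32-bit compat): kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_getpid), ALLOW(SYS_exit_group), ALLOW(SYS_exit),
        /* perf_event_open is deliberately not listed, so it ends up here */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Child: 0 = seccomp unavailable, 1 = perf_event_open got EPERM and getpid still works, 2 = not blocked */
static int probe_child(void)
{
    if (install_whitelist() != 0) return 0;
    if (syscall(SYS_getpid) <= 0) return 2;
    long r = syscall(SYS_perf_event_open, NULL, 0, -1, -1, 0UL);
    return (r == -1 && errno == EPERM) ? 1 : 2;
}
/* Fork first so the filter never applies to the caller's own process. */
int sandbox_blocks_perf(void)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(probe_child());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

A real whitelist for a program like QEMU is much longer (read, write, mmap, ioctl and so on); the point is only that a call absent from the list cannot be reached even if the process is compromised.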
Posted May 15, 2013 21:05 UTC (Wed) by landley (subscriber, #6789)
Posted May 15, 2013 21:40 UTC (Wed) by spender (subscriber, #23067)
Posted May 15, 2013 21:14 UTC (Wed) by landley (subscriber, #6789)
As the old saying goes, you either make the system simple enough that there are obviously no vulnerabilities, or you make it complicated enough that there are no obvious vulnerabilities.
(Of course "unknown" is relative. I'm curious about http://www.exploit-db.com/exploits/25444/ having "2010" in the copyright-like notice up top. I know the Israeli secret service and Russian kleptocracy and such have way better fuzzers than open source has bothered with until recently; the main protection for Ubuntu systems is we're less than 1% of the installed base so nobody _cares_. I'd worry more about Android phones getting Morris-wormed with something like this...)
Posted May 16, 2013 0:46 UTC (Thu) by aliguori (subscriber, #30636)
Applications that are high risk need to proactively isolate themselves and reduce that boundary.
Let's not kid ourselves here. If you have local user privileges and can run arbitrary code, SELinux or not, I'm quite confident there are more 0days out there that you could use to elevate to root.
"unprivileged" users don't exist anymore.
Posted May 17, 2013 2:57 UTC (Fri) by deater (subscriber, #11746)
perf can't be compiled as a module, and as far as I know it can't be turned off on x86 since about 2.6.37 or so. I'll be glad to be proven wrong on that count though.
It's true any user/kernel interface leads to issues like this, but it doesn't help that perf has such a complex interface (check out the manpage for it sometime). We might have been better off if a simpler perf counter interface (like perfctr or perfmon2) that was closer to a thin layer abstracting the MSRs had been merged instead.
Posted May 16, 2013 16:31 UTC (Thu) by robert_s (subscriber, #42402)
Posted May 16, 2013 22:18 UTC (Thu) by geofft (subscriber, #59789)
Posted May 17, 2013 8:52 UTC (Fri) by robert_s (subscriber, #42402)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds