
The Savannah Compromise - what really happened?

Posted Jan 6, 2004 0:46 UTC (Tue) by JoeBuck (guest, #2330)
In reply to: The Savannah Compromise - what really happened? by iabervon
Parent article: The Savannah Compromise - what really happened?

But we are talking about actions taken in response to the Debian and Savannah compromises. Given a kernel bug that allows a cleverly written program to get root, if you can execute a program from within the jail and such a flaw exists, you get a get-out-of-jail-free card. Another such bug was just discovered.

So, I repeat: chroot jails are useless if a kernel bug provides a root exploit.


The Savannah Compromise - what really happened?

Posted Jan 8, 2004 23:06 UTC (Thu) by Ross (guest, #4065)

Oh, yes, I completely agree in that case. But people weren't careful to
limit their arguments to that case. In fact, with a root-exploitable
kernel bug any attacker that can run arbitrary code can access the whole
system, no matter what user they run the code as or what type of jail the
code is put into. In short, having a secure kernel is a requirement for
any other security on the system so long as untrusted users have access to
run code.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.